Prepare release v2.8.1

Update the language for advocating page
Improve performances when Prometheus metrics are enabled
2022-07-11 16:02:09 +02:00 · 2022-07-08 10:28:08 +02:00 · 2022-07-07 18:00:09 +02:00 · 2022-07-06 11:54:08 +02:00 · 2022-07-05 10:02:09 +02:00 · 2022-07-04 15:50:09 +02:00
55 changed files with 915 additions and 609 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -3,11 +3,11 @@ PLEASE READ THIS MESSAGE.

 Documentation fixes or enhancements:
 - for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.7
+- for Traefik v2: use branch v2.8

 Bug fixes:
 - for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.7
+- for Traefik v2: use branch v2.8

 Enhancements:
 - for Traefik v1: we only accept bug fixes
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,58 @@
+## [v2.8.1](https://github.com/traefik/traefik/tree/v2.8.1) (2022-07-11)
+[All Commits](https://github.com/traefik/traefik/compare/v2.8.0...v2.8.1)
+
+**Bug fixes:**
+- **[kv]** Upgrade valkeyrie to v0.4.1 ([#9161](https://github.com/traefik/traefik/pull/9161) by [moutoum](https://github.com/moutoum))
+- **[middleware,metrics]** Improve performances when Prometheus metrics are enabled ([#9168](https://github.com/traefik/traefik/pull/9168) by [juliens](https://github.com/juliens))
+- **[middleware]** Support forwarded websocket protocol in RedirectScheme ([#9159](https://github.com/traefik/traefik/pull/9159) by [moutoum](https://github.com/moutoum))
+
+**Documentation:**
+- Update the language for advocating page ([#9169](https://github.com/traefik/traefik/pull/9169) by [tfny](https://github.com/tfny))
+- Add callout for anyone using Traefik to manage commercial applications ([#9152](https://github.com/traefik/traefik/pull/9152) by [tomatokoolaid](https://github.com/tomatokoolaid))
+- Update deprecation notices ([#9149](https://github.com/traefik/traefik/pull/9149) by [ddtmachado](https://github.com/ddtmachado))
+
+## [v2.8.0](https://github.com/traefik/traefik/tree/v2.8.0) (2022-06-29)
+[All Commits](https://github.com/traefik/traefik/compare/v2.8.0-rc1...v2.8.0)
+
+**Enhancements:**
+- **[consul,consulcatalog]** Support multiple namespaces for Consul and ConsulCatalog providers ([#8979](https://github.com/traefik/traefik/pull/8979) by [rtribotte](https://github.com/rtribotte))
+- **[http3]** Upgrade quic-go to v0.27.0 ([#8922](https://github.com/traefik/traefik/pull/8922) by [tomMoulard](https://github.com/tomMoulard))
+- **[http3]** Upgrade quic-go to v0.26.0 ([#8874](https://github.com/traefik/traefik/pull/8874) by [sylr](https://github.com/sylr))
+- **[logs]** Add destination address to debug log ([#9032](https://github.com/traefik/traefik/pull/9032) by [qmloong](https://github.com/qmloong))
+- **[middleware,provider,tls]** Deprecate caOptional option in client TLS configuration ([#8960](https://github.com/traefik/traefik/pull/8960) by [kevinpollet](https://github.com/kevinpollet))
+- **[middleware]** Support URL replacement in errors middleware ([#8956](https://github.com/traefik/traefik/pull/8956) by [tomMoulard](https://github.com/tomMoulard))
+- **[middleware]** Allow config of additional CircuitBreaker params ([#8907](https://github.com/traefik/traefik/pull/8907) by [aidy](https://github.com/aidy))
+- **[provider]** Implement Traefik provider for Nomad orchestrator ([#9018](https://github.com/traefik/traefik/pull/9018) by [shoenig](https://github.com/shoenig))
+- **[server]** Allow HTTP/2 max concurrent stream configuration ([#8781](https://github.com/traefik/traefik/pull/8781) by [tomMoulard](https://github.com/tomMoulard))
+- **[tls,k8s/crd]** Support certificates configuration in TLSStore CRD ([#8976](https://github.com/traefik/traefik/pull/8976) by [kevinpollet](https://github.com/kevinpollet))
+- **[webui,pilot,hub]** Add Traefik Hub button and deprecate Pilot ([#9091](https://github.com/traefik/traefik/pull/9091) by [ldez](https://github.com/ldez))
+- **[webui,plugins]** Reach the catalog of plugins from the Traefik dashboard ([#9055](https://github.com/traefik/traefik/pull/9055) by [seedy](https://github.com/seedy))
+
+**Bug fixes:**
+- **[nomad]** Use configured token in the Nomad client ([#9111](https://github.com/traefik/traefik/pull/9111) by [kevinpollet](https://github.com/kevinpollet))
+
+**Documentation:**
+- Prepare release v2.8.0-rc2 ([#9134](https://github.com/traefik/traefik/pull/9134) by [rtribotte](https://github.com/rtribotte))
+- Prepare release v2.8.0-rc1 ([#9097](https://github.com/traefik/traefik/pull/9097) by [rtribotte](https://github.com/rtribotte))
+
+**Misc:**
+- Merge current v2.7 into v2.8 ([#9142](https://github.com/traefik/traefik/pull/9142) by [rtribotte](https://github.com/rtribotte))
+- Merge current v2.7 into v2.8 ([#9133](https://github.com/traefik/traefik/pull/9133) by [rtribotte](https://github.com/rtribotte))
+- Merge current v2.7 into master ([#9095](https://github.com/traefik/traefik/pull/9095) by [rtribotte](https://github.com/rtribotte))
+- Merge current v2.7 into master ([#9085](https://github.com/traefik/traefik/pull/9085) by [tomMoulard](https://github.com/tomMoulard))
+- Merge current v2.7 into master ([#9060](https://github.com/traefik/traefik/pull/9060) by [rtribotte](https://github.com/rtribotte))
+- Merge current v2.7 into master ([#9052](https://github.com/traefik/traefik/pull/9052) by [rtribotte](https://github.com/rtribotte))
+- Merge current v2.7 into master ([#8959](https://github.com/traefik/traefik/pull/8959) by [tomMoulard](https://github.com/tomMoulard))
+
+## [v2.7.3](https://github.com/traefik/traefik/tree/v2.7.3) (2022-06-29)
+[All Commits](https://github.com/traefik/traefik/compare/v2.7.2...v2.7.3)
+
+**Bug fixes:**
+- **[metrics]** Ensure Datadog client is cleanly stopped ([#9137](https://github.com/traefik/traefik/pull/9137) by [jbdoumenjou](https://github.com/jbdoumenjou))
+
+**Documentation:**
+- **[middleware,k8s/crd]** Add documentation for main, SANs and plugin CRD fields ([#9136](https://github.com/traefik/traefik/pull/9136) by [mloiseleur](https://github.com/mloiseleur))
+
 ## [v2.8.0-rc2](https://github.com/traefik/traefik/tree/v2.8.0-rc2) (2022-06-27)
 [All Commits](https://github.com/traefik/traefik/compare/v2.8.0-rc1...v2.8.0-rc2)

--- a/docs/content/contributing/advocating.md
+++ b/docs/content/contributing/advocating.md
@@ -8,8 +8,24 @@ description: "There are many ways to contribute to Traefik Proxy. If you're talk
 Spread the Love & Tell Us about It
 {: .subtitle }

-There are many ways to contribute to the project, and there is one that always spark joy: when we see/read about users talking about how Traefik helps them solve their problems.
+Traefik Proxy was started by the community for the community.
+You can contribute to the Traefik community in three main ways: 

-If you're talking about Traefik, [let us know](https://traefik.io/submit-my-contribution/) and we'll promote your enthusiasm!
+**Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy
+and teach others in the community how to best implement it.
+It always sparks joy when users share how Traefik Proxy helps them solve their problems.
+If you are talking about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will promote your work and reward your enthusiasm!
+If you are giving a talk that includes or is about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will send you swag and stickers for your time at the conference.
+If you have written about Traefik or shared useful information you would like to promote, feel free to add links to the [dedicated wiki page on GitHub](https://github.com/traefik/traefik/wiki/Awesome-Traefik).

-Also, if you've written about Traefik or shared useful information you'd like to promote, feel free to add links in the [dedicated wiki page on Github](https://github.com/traefik/traefik/wiki/Awesome-Traefik).
+**Help community members!** Everyone needs a place to share their cool innovations or get help with that pesky bug that only a different pair of eyes seems to be able to see.
+Join our [Community Forum](https://community.traefik.io/) where you can ask questions, help out other users, and share your neat configuration examples or snippets.
+Top contributors will be asked to join the Ambassador program and get unique swag to celebrate!
+
+**Build cool solutions!** Traefik Proxy would be so much better if only it had…
+We love all the wonderful ideas that our users come up with, but we can only build so much.
+Luckily, as an open source community, our users can help by [building awesome features](https://github.com/orgs/traefik/projects/9/views/7), enhancements, or bug fixes.
+We are a big community, so we do need to prioritize a bit.
+That is why we use the tag `contributor/wanted` to let you know which pull requests will make it to the front of the queue for design support and review.
+Feel free to grab one of these and run with it.
+Top contributors get unique swag to celebrate. 
--- a/docs/content/deprecation/features.md
+++ b/docs/content/deprecation/features.md
@@ -4,9 +4,9 @@ This page is maintained and updated periodically to reflect our roadmap and any

 | Feature                                                       | Deprecated | End of Support | Removal |
 |---------------------------------------------------------------|------------|----------------|---------|
-| [Pilot Dashboard (Metrics)](#pilot-dashboard-metrics)         | 2.7        | 2.8            | 2.9     |
-| [Pilot Plugins](#pilot-plugins)                               | 2.7        | 2.8            | 2.9     |
-| [Consul Enterprise Namespaces](#consul-enterprise-namespaces) | 2.8        | TBD            | TBD     |
+| [Pilot Dashboard (Metrics)](#pilot-dashboard-metrics)         | 2.7        | 2.8            | 3.0     |
+| [Pilot Plugins](#pilot-plugins)                               | 2.7        | 2.8            | 3.0     |
+| [Consul Enterprise Namespace](#consul-enterprise-namespace)   | 2.8        | N/A            | 3.0     |

 ## Impact

@@ -20,7 +20,7 @@ In 2.9, the Pilot platform and all Traefik integration code will be permanently
 Starting on 2.7 the pilot token will not be a requirement anymore.  
 At 2.9, a new plugin catalog home should be available, decoupled from pilot.

-### Consul Enterprise Namespaces
+### Consul Enterprise Namespace

 Starting on 2.8 the `namespace` option of Consul and Consul Catalog providers is deprecated, 
 please use the `namespaces` options instead.  
--- a/docs/content/deprecation/releases.md
+++ b/docs/content/deprecation/releases.md
@@ -6,7 +6,9 @@ Below is a non-exhaustive list of versions and their maintenance status:

 | Version | Release Date | Active Support     | Security Support | 
 |---------|--------------|--------------------|------------------|
-| 2.6     | Jan 24, 2022 |      Yes           |       Yes        |
+| 2.8     | Jun 29, 2022 |      Yes           |       Yes        |
+| 2.7     | May 24, 2022 | Ended Jun 29, 2022 |       No         |
+| 2.6     | Jan 24, 2022 | Ended May 24, 2022 |       No         |
 | 2.5     | Aug 17, 2021 | Ended Jan 24, 2022 |       No         |
 | 2.4     | Jan 19, 2021 | Ended Aug 17, 2021 |       No         |
 | 2.3     | Sep 23, 2020 | Ended Jan 19, 2021 |       No         |
--- a/docs/content/getting-started/configuration-overview.md
+++ b/docs/content/getting-started/configuration-overview.md
@@ -93,3 +93,18 @@ All available environment variables can be found [here](../reference/static-conf
 All the configuration options are documented in their related section.

 You can browse the available features in the menu, the [providers](../providers/overview.md), or the [routing section](../routing/overview.md) to see them in action.
+
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/getting-started/install-traefik.md
+++ b/docs/content/getting-started/install-traefik.md
@@ -179,10 +179,17 @@ And run it:

 All the details are available in the [Contributing Guide](../contributing/building-testing.md)

-!!! question "Using Traefik for Business?"
+!!! question "Using Traefik for Business Applications?"

-    If you're using Traefik for commercial applications, 
-    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/), 
-    your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/), 
-    or your [API gateway](https://traefik.io/solutions/api-gateway/). 
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/getting-started/quick-start.md
+++ b/docs/content/getting-started/quick-start.md
@@ -113,4 +113,20 @@ IP: 172.27.0.4
 ```

 !!! question "Where to Go Next?"
+
    Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you!
+
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -666,3 +666,18 @@ If Let's Encrypt is not reachable, the following certificates will apply:

 !!! important
    For new (sub)domains which need Let's Encrypt authentication, the default Traefik certificate will be used until Traefik is restarted.
+    
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/middlewares/http/overview.md
+++ b/docs/content/middlewares/http/overview.md
@@ -153,3 +153,7 @@ http:
 | [Retry](retry.md)                         | Automatically retries in case of error            | Request lifecycle           |
 | [StripPrefix](stripprefix.md)             | Changes the path of the request                   | Path Modifier               |
 | [StripPrefixRegex](stripprefixregex.md)   | Changes the path of the request                   | Path Modifier               |
+
+## Community Middlewares
+
+Please take a look at the community-contributed plugins in the [plugin catalog](https://pilot.traefik.io/plugins).
--- a/docs/content/middlewares/http/redirectscheme.md
+++ b/docs/content/middlewares/http/redirectscheme.md
@@ -13,7 +13,6 @@ TODO: add schema
 -->

 The RedirectScheme middleware redirects the request if the request scheme is different from the configured scheme.
-The middleware does not work for websocket requests. 

 !!! warning "When behind another reverse-proxy"

--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@@ -714,3 +714,18 @@ providers:
 ```bash tab="CLI"
 --providers.docker.tls.insecureSkipVerify=true
 ```
+
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/providers/kubernetes-crd.md
+++ b/docs/content/providers/kubernetes-crd.md
@@ -35,10 +35,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku

    ```bash
    # Install Traefik Resource Definitions:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
    
    # Install RBAC for Traefik:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
    ```

 ## Resource Configuration
--- a/docs/content/providers/kubernetes-ingress.md
+++ b/docs/content/providers/kubernetes-ingress.md
@@ -501,3 +501,18 @@ providers:

 To learn more about the various aspects of the Ingress specification that Traefik supports,
 many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.8/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@@ -39,7 +39,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -56,11 +56,11 @@ spec:
                      - Rule
                      type: string
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule'
                      type: string
                    middlewares:
                      description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware'
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-middleware'
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
@@ -79,7 +79,7 @@ spec:
                      type: array
                    priority:
                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority'
+                        info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority'
                      type: integer
                    services:
                      description: Services defines the list of Service. It can contain
@@ -145,7 +145,7 @@ spec:
                            type: string
                          sticky:
                            description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                              More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
@@ -190,22 +190,25 @@ spec:
                  type: object
                type: array
              tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls'
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls'
                properties:
                  certResolver:
                    description: 'CertResolver defines the name of the certificate
                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
                    type: string
                  domains:
                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
+                          description: Main defines the main domain name.
                          type: string
                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
                          items:
                            type: string
                          type: array
@@ -214,15 +217,15 @@ spec:
                  options:
                    description: 'Options defines the reference to a TLSOption, that
                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
                    properties:
                      name:
                        description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
                        type: string
                      namespace:
                        description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
                        type: string
                    required:
                    - name
@@ -238,11 +241,11 @@ spec:
                    properties:
                      name:
                        description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
                        type: string
                      namespace:
                        description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
                        type: string
                    required:
                    - name
@@ -304,7 +307,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -315,7 +318,7 @@ spec:
                  description: RouteTCP holds the TCP route configuration.
                  properties:
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule_1'
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
@@ -338,7 +341,7 @@ spec:
                      type: array
                    priority:
                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1'
+                        info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority_1'
                      type: integer
                    services:
                      description: Services defines the list of TCP services.
@@ -363,7 +366,7 @@ spec:
                            x-kubernetes-int-or-string: true
                          proxyProtocol:
                            description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol'
+                              configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/services/#proxy-protocol'
                            properties:
                              version:
                                description: Version defines the PROXY Protocol version
@@ -394,22 +397,25 @@ spec:
                type: array
              tls:
                description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1'
+                  Route. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls_1'
                properties:
                  certResolver:
                    description: 'CertResolver defines the name of the certificate
                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
                    type: string
                  domains:
                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
+                          description: Main defines the main domain name.
                          type: string
                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
                          items:
                            type: string
                          type: array
@@ -418,7 +424,7 @@ spec:
                  options:
                    description: 'Options defines the reference to a TLSOption, that
                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
@@ -512,7 +518,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -591,7 +597,7 @@ spec:
    schema:
      openAPIV3Schema:
        description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/'
+          More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/overview/'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -611,7 +617,7 @@ spec:
              addPrefix:
                description: 'AddPrefix holds the add prefix middleware configuration.
                  This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/'
+                  it. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/addprefix/'
                properties:
                  prefix:
                    description: Prefix is the string to add before the current path
@@ -621,11 +627,11 @@ spec:
              basicAuth:
                description: 'BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/'
                properties:
                  headerField:
                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
                    type: string
                  realm:
                    description: 'Realm allows the protected resources on a server
@@ -645,7 +651,7 @@ spec:
              buffering:
                description: 'Buffering holds the buffering middleware configuration.
                  This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes'
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#maxrequestbodybytes'
                properties:
                  maxRequestBodyBytes:
                    description: 'MaxRequestBodyBytes defines the maximum allowed
@@ -678,13 +684,13 @@ spec:
                  retryExpression:
                    description: 'RetryExpression defines the retry conditions. It
                      is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression'
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#retryexpression'
                    type: string
                type: object
              chain:
                description: 'Chain holds the configuration of the chain middleware.
                  This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/'
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/chain/'
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
@@ -738,7 +744,7 @@ spec:
              compress:
                description: 'Compress holds the compress middleware configuration.
                  This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/'
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/compress/'
                properties:
                  excludedContentTypes:
                    description: ExcludedContentTypes defines the list of content
@@ -772,11 +778,11 @@ spec:
              digestAuth:
                description: 'DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/digestauth/'
                properties:
                  headerField:
                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
                    type: string
                  realm:
                    description: 'Realm allows the protected resources on a server
@@ -795,7 +801,7 @@ spec:
              errors:
                description: 'ErrorPage holds the custom error middleware configuration.
                  This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/'
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/'
                properties:
                  query:
                    description: Query defines the URL for the error page (hosted
@@ -804,7 +810,7 @@ spec:
                    type: string
                  service:
                    description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service'
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/#service'
                    properties:
                      kind:
                        description: Kind defines the kind of the Service.
@@ -861,7 +867,7 @@ spec:
                        type: string
                      sticky:
                        description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
@@ -910,7 +916,7 @@ spec:
              forwardAuth:
                description: 'ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/'
                properties:
                  address:
                    description: Address defines the authentication server address.
@@ -933,7 +939,7 @@ spec:
                    description: 'AuthResponseHeadersRegex defines the regex to match
                      headers to copy from the authentication server response and
                      set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex'
+                      the regex. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/#authresponseheadersregex'
                    type: string
                  tls:
                    description: TLS defines the configuration used to secure the
@@ -964,7 +970,7 @@ spec:
              headers:
                description: 'Headers holds the headers middleware configuration.
                  This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders'
+                  info: https://doc.traefik.io/traefik/v2.8/middlewares/http/headers/#customrequestheaders'
                properties:
                  accessControlAllowCredentials:
                    description: AccessControlAllowCredentials defines whether the
@@ -1125,7 +1131,7 @@ spec:
              inFlightReq:
                description: 'InFlightReq holds the in-flight request middleware configuration.
                  This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/'
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/'
                properties:
                  amount:
                    description: Amount defines the maximum amount of allowed simultaneous
@@ -1139,11 +1145,11 @@ spec:
                      group requests as originating from a common source. If several
                      strategies are defined at the same time, an error will be raised.
                      If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion'
+                      info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/#sourcecriterion'
                    properties:
                      ipStrategy:
                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -1171,11 +1177,11 @@ spec:
              ipWhiteList:
                description: 'IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/'
                properties:
                  ipStrategy:
                    description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                    properties:
                      depth:
                        description: Depth tells Traefik to use the X-Forwarded-For
@@ -1199,7 +1205,7 @@ spec:
              passTLSClientCert:
                description: 'PassTLSClientCert holds the pass TLS client cert middleware
                  configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/'
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/passtlsclientcert/'
                properties:
                  info:
                    description: Info selects the specific client certificate details
@@ -1300,11 +1306,13 @@ spec:
              plugin:
                additionalProperties:
                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
                type: object
              rateLimit:
                description: 'RateLimit holds the rate limit configuration. This middleware
                  ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/'
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ratelimit/'
                properties:
                  average:
                    description: Average is the maximum rate, by default in requests/s,
@@ -1337,7 +1345,7 @@ spec:
                    properties:
                      ipStrategy:
                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -1365,7 +1373,7 @@ spec:
              redirectRegex:
                description: 'RedirectRegex holds the redirect regex middleware configuration.
                  This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectregex/#regex'
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -1383,7 +1391,7 @@ spec:
              redirectScheme:
                description: 'RedirectScheme holds the redirect scheme middleware
                  configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/'
+                  to another. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectscheme/'
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -1399,7 +1407,7 @@ spec:
              replacePath:
                description: 'ReplacePath holds the replace path middleware configuration.
                  This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/'
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepath/'
                properties:
                  path:
                    description: Path defines the path to use as replacement in the
@@ -1409,7 +1417,7 @@ spec:
              replacePathRegex:
                description: 'ReplacePathRegex holds the replace path regex middleware
                  configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/'
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepathregex/'
                properties:
                  regex:
                    description: Regex defines the regular expression used to match
@@ -1425,7 +1433,7 @@ spec:
                  middleware reissues requests a given number of times to a backend
                  server if that server does not reply. As soon as the server answers,
                  the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/retry/'
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
@@ -1445,7 +1453,7 @@ spec:
              stripPrefix:
                description: 'StripPrefix holds the strip prefix middleware configuration.
                  This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefix/'
                properties:
                  forceSlash:
                    description: 'ForceSlash ensures that the resulting stripped path
@@ -1462,7 +1470,7 @@ spec:
              stripPrefixRegex:
                description: 'StripPrefixRegex holds the strip prefix regex middleware
                  configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/'
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefixregex/'
                properties:
                  regex:
                    description: Regex defines the regular expression to match the
@@ -1506,7 +1514,7 @@ spec:
    schema:
      openAPIV3Schema:
        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/'
+          More info: https://doc.traefik.io/traefik/v2.8/middlewares/overview/'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1580,7 +1588,7 @@ spec:
        description: 'ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.8/routing/services/#serverstransport_1'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1707,7 +1715,7 @@ spec:
      openAPIV3Schema:
        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
          allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+          https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1727,13 +1735,13 @@ spec:
              alpnProtocols:
                description: 'ALPNProtocols defines the list of supported application
                  level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols'
+                  info: https://doc.traefik.io/traefik/v2.8/https/tls/#alpn-protocols'
                items:
                  type: string
                type: array
              cipherSuites:
                description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites'
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#cipher-suites'
                items:
                  type: string
                type: array
@@ -1760,7 +1768,7 @@ spec:
                type: object
              curvePreferences:
                description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences'
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#curve-preferences'
                items:
                  type: string
                type: array
@@ -1820,7 +1828,7 @@ spec:
        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
          the time being, only the TLSStore named default is supported. This means
          that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores'
+          namespaces. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#certificates-stores'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1897,7 +1905,7 @@ spec:
      openAPIV3Schema:
        description: 'TraefikService is the CRD implementation of a Traefik Service.
          TraefikService object allows to:  - Apply weight to Services on load-balancing  -
-          Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice'
+          Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-traefikservice'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1996,7 +2004,7 @@ spec:
                          type: string
                        sticky:
                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -2080,7 +2088,7 @@ spec:
                    type: string
                  sticky:
                    description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                      More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
@@ -2180,7 +2188,7 @@ spec:
                          type: string
                        sticky:
                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -2219,7 +2227,7 @@ spec:
                    type: array
                  sticky:
                    description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                      More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
@@ -39,7 +39,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -56,11 +56,11 @@ spec:
                      - Rule
                      type: string
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule'
                      type: string
                    middlewares:
                      description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware'
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-middleware'
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
@@ -79,7 +79,7 @@ spec:
                      type: array
                    priority:
                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority'
+                        info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority'
                      type: integer
                    services:
                      description: Services defines the list of Service. It can contain
@@ -145,7 +145,7 @@ spec:
                            type: string
                          sticky:
                            description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                              More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
@@ -190,22 +190,25 @@ spec:
                  type: object
                type: array
              tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls'
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls'
                properties:
                  certResolver:
                    description: 'CertResolver defines the name of the certificate
                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
                    type: string
                  domains:
                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
+                          description: Main defines the main domain name.
                          type: string
                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
                          items:
                            type: string
                          type: array
@@ -214,15 +217,15 @@ spec:
                  options:
                    description: 'Options defines the reference to a TLSOption, that
                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
                    properties:
                      name:
                        description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
                        type: string
                      namespace:
                        description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
                        type: string
                    required:
                    - name
@@ -238,11 +241,11 @@ spec:
                    properties:
                      name:
                        description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
                        type: string
                      namespace:
                        description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
                        type: string
                    required:
                    - name
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
@@ -39,7 +39,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -50,7 +50,7 @@ spec:
                  description: RouteTCP holds the TCP route configuration.
                  properties:
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule_1'
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
@@ -73,7 +73,7 @@ spec:
                      type: array
                    priority:
                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1'
+                        info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority_1'
                      type: integer
                    services:
                      description: Services defines the list of TCP services.
@@ -98,7 +98,7 @@ spec:
                            x-kubernetes-int-or-string: true
                          proxyProtocol:
                            description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol'
+                              configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/services/#proxy-protocol'
                            properties:
                              version:
                                description: Version defines the PROXY Protocol version
@@ -129,22 +129,25 @@ spec:
                type: array
              tls:
                description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1'
+                  Route. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls_1'
                properties:
                  certResolver:
                    description: 'CertResolver defines the name of the certificate
                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
                    type: string
                  domains:
                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
+                          description: Main defines the main domain name.
                          type: string
                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
                          items:
                            type: string
                          type: array
@@ -153,7 +156,7 @@ spec:
                  options:
                    description: 'Options defines the reference to a TLSOption, that
                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
@@ -39,7 +39,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
@@ -20,7 +20,7 @@ spec:
    schema:
      openAPIV3Schema:
        description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/'
+          More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/overview/'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -40,7 +40,7 @@ spec:
              addPrefix:
                description: 'AddPrefix holds the add prefix middleware configuration.
                  This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/'
+                  it. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/addprefix/'
                properties:
                  prefix:
                    description: Prefix is the string to add before the current path
@@ -50,11 +50,11 @@ spec:
              basicAuth:
                description: 'BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/'
                properties:
                  headerField:
                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
                    type: string
                  realm:
                    description: 'Realm allows the protected resources on a server
@@ -74,7 +74,7 @@ spec:
              buffering:
                description: 'Buffering holds the buffering middleware configuration.
                  This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes'
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#maxrequestbodybytes'
                properties:
                  maxRequestBodyBytes:
                    description: 'MaxRequestBodyBytes defines the maximum allowed
@@ -107,13 +107,13 @@ spec:
                  retryExpression:
                    description: 'RetryExpression defines the retry conditions. It
                      is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression'
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#retryexpression'
                    type: string
                type: object
              chain:
                description: 'Chain holds the configuration of the chain middleware.
                  This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/'
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/chain/'
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
@@ -167,7 +167,7 @@ spec:
              compress:
                description: 'Compress holds the compress middleware configuration.
                  This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/'
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/compress/'
                properties:
                  excludedContentTypes:
                    description: ExcludedContentTypes defines the list of content
@@ -201,11 +201,11 @@ spec:
              digestAuth:
                description: 'DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/digestauth/'
                properties:
                  headerField:
                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
                    type: string
                  realm:
                    description: 'Realm allows the protected resources on a server
@@ -224,7 +224,7 @@ spec:
              errors:
                description: 'ErrorPage holds the custom error middleware configuration.
                  This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/'
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/'
                properties:
                  query:
                    description: Query defines the URL for the error page (hosted
@@ -233,7 +233,7 @@ spec:
                    type: string
                  service:
                    description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service'
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/#service'
                    properties:
                      kind:
                        description: Kind defines the kind of the Service.
@@ -290,7 +290,7 @@ spec:
                        type: string
                      sticky:
                        description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
@@ -339,7 +339,7 @@ spec:
              forwardAuth:
                description: 'ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/'
                properties:
                  address:
                    description: Address defines the authentication server address.
@@ -362,7 +362,7 @@ spec:
                    description: 'AuthResponseHeadersRegex defines the regex to match
                      headers to copy from the authentication server response and
                      set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex'
+                      the regex. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/#authresponseheadersregex'
                    type: string
                  tls:
                    description: TLS defines the configuration used to secure the
@@ -393,7 +393,7 @@ spec:
              headers:
                description: 'Headers holds the headers middleware configuration.
                  This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders'
+                  info: https://doc.traefik.io/traefik/v2.8/middlewares/http/headers/#customrequestheaders'
                properties:
                  accessControlAllowCredentials:
                    description: AccessControlAllowCredentials defines whether the
@@ -554,7 +554,7 @@ spec:
              inFlightReq:
                description: 'InFlightReq holds the in-flight request middleware configuration.
                  This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/'
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/'
                properties:
                  amount:
                    description: Amount defines the maximum amount of allowed simultaneous
@@ -568,11 +568,11 @@ spec:
                      group requests as originating from a common source. If several
                      strategies are defined at the same time, an error will be raised.
                      If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion'
+                      info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/#sourcecriterion'
                    properties:
                      ipStrategy:
                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -600,11 +600,11 @@ spec:
              ipWhiteList:
                description: 'IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/'
                properties:
                  ipStrategy:
                    description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                    properties:
                      depth:
                        description: Depth tells Traefik to use the X-Forwarded-For
@@ -628,7 +628,7 @@ spec:
              passTLSClientCert:
                description: 'PassTLSClientCert holds the pass TLS client cert middleware
                  configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/'
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/passtlsclientcert/'
                properties:
                  info:
                    description: Info selects the specific client certificate details
@@ -729,11 +729,13 @@ spec:
              plugin:
                additionalProperties:
                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
                type: object
              rateLimit:
                description: 'RateLimit holds the rate limit configuration. This middleware
                  ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/'
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ratelimit/'
                properties:
                  average:
                    description: Average is the maximum rate, by default in requests/s,
@@ -766,7 +768,7 @@ spec:
                    properties:
                      ipStrategy:
                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -794,7 +796,7 @@ spec:
              redirectRegex:
                description: 'RedirectRegex holds the redirect regex middleware configuration.
                  This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectregex/#regex'
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -812,7 +814,7 @@ spec:
              redirectScheme:
                description: 'RedirectScheme holds the redirect scheme middleware
                  configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/'
+                  to another. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectscheme/'
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -828,7 +830,7 @@ spec:
              replacePath:
                description: 'ReplacePath holds the replace path middleware configuration.
                  This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/'
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepath/'
                properties:
                  path:
                    description: Path defines the path to use as replacement in the
@@ -838,7 +840,7 @@ spec:
              replacePathRegex:
                description: 'ReplacePathRegex holds the replace path regex middleware
                  configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/'
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepathregex/'
                properties:
                  regex:
                    description: Regex defines the regular expression used to match
@@ -854,7 +856,7 @@ spec:
                  middleware reissues requests a given number of times to a backend
                  server if that server does not reply. As soon as the server answers,
                  the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/retry/'
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
@@ -874,7 +876,7 @@ spec:
              stripPrefix:
                description: 'StripPrefix holds the strip prefix middleware configuration.
                  This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefix/'
                properties:
                  forceSlash:
                    description: 'ForceSlash ensures that the resulting stripped path
@@ -891,7 +893,7 @@ spec:
              stripPrefixRegex:
                description: 'StripPrefixRegex holds the strip prefix regex middleware
                  configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/'
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefixregex/'
                properties:
                  regex:
                    description: Regex defines the regular expression to match the
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
@@ -20,7 +20,7 @@ spec:
    schema:
      openAPIV3Schema:
        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/'
+          More info: https://doc.traefik.io/traefik/v2.8/middlewares/overview/'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
@@ -22,7 +22,7 @@ spec:
        description: 'ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.8/routing/services/#serverstransport_1'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
@@ -21,7 +21,7 @@ spec:
      openAPIV3Schema:
        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
          allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+          https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -41,13 +41,13 @@ spec:
              alpnProtocols:
                description: 'ALPNProtocols defines the list of supported application
                  level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols'
+                  info: https://doc.traefik.io/traefik/v2.8/https/tls/#alpn-protocols'
                items:
                  type: string
                type: array
              cipherSuites:
                description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites'
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#cipher-suites'
                items:
                  type: string
                type: array
@@ -74,7 +74,7 @@ spec:
                type: object
              curvePreferences:
                description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences'
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#curve-preferences'
                items:
                  type: string
                type: array
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
@@ -22,7 +22,7 @@ spec:
        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
          the time being, only the TLSStore named default is supported. This means
          that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores'
+          namespaces. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#certificates-stores'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
@@ -21,7 +21,7 @@ spec:
      openAPIV3Schema:
        description: 'TraefikService is the CRD implementation of a Traefik Service.
          TraefikService object allows to:  - Apply weight to Services on load-balancing  -
-          Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice'
+          Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-traefikservice'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -120,7 +120,7 @@ spec:
                          type: string
                        sticky:
                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -204,7 +204,7 @@ spec:
                    type: string
                  sticky:
                    description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                      More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
@@ -304,7 +304,7 @@ spec:
                          type: string
                        sticky:
                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -343,7 +343,7 @@ spec:
                    type: array
                  sticky:
                    description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                      More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
--- a/docs/content/routing/entrypoints.md
+++ b/docs/content/routing/entrypoints.md
@@ -967,3 +967,18 @@ entryPoints:
 entrypoints.foo.address=:8000/udp
 entrypoints.foo.udp.timeout=10s
 ```
+
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/routing/routers/index.md
+++ b/docs/content/routing/routers/index.md
@@ -1321,3 +1321,18 @@ There must be one (and only one) UDP [service](../services/index.md) referenced
 Services are the target for the router.

 !!! important "UDP routers can only target UDP services (and not HTTP or TCP services)."
+
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/routing/services/index.md
+++ b/docs/content/routing/services/index.md
@@ -1645,3 +1645,18 @@ udp:
      [[udp.services.appv2.loadBalancer.servers]]
        address = "private-ip-server-2:8080/"
 ```
+
+!!! question "Using Traefik for Business Applications?"
+
+    If you are using Traefik for commercial applications,
+    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
+    You can use it as your:
+
+    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
+    - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
+
+    Traefik Enterprise enables centralized access management,
+    distributed Let's Encrypt,
+    and other advanced capabilities.
+    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/user-guides/crd-acme/index.md
+++ b/docs/content/user-guides/crd-acme/index.md
@@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi

 ```bash
 # Install Traefik Resource Definitions:
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml

 # Install RBAC for Traefik:
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
 ```

 ### Services
@@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/con
 Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).

 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/02-services.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/02-services.yml
 ```

 ```yaml
@@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
 Again, one pod for Traefik, and one for the whoami app.

 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/03-deployments.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/03-deployments.yml
 ```

 ```yaml
@@ -100,7 +100,7 @@ Look it up.
 We can now finally apply the actual ingressRoutes, with:

 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/04-ingressroutes.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/04-ingressroutes.yml
 ```

 ```yaml
@@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
 In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:

 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/05-tlsoption.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/05-tlsoption.yml
 ```

 ```yaml
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 	github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
 	github.com/instana/go-sensor v1.38.3
 	github.com/klauspost/compress v1.14.2
-	github.com/kvtools/valkeyrie v0.4.0
+	github.com/kvtools/valkeyrie v0.4.1
 	github.com/lucas-clemente/quic-go v0.27.0
 	github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
 	github.com/miekg/dns v1.1.47
@@ -49,11 +49,11 @@ require (
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pires/go-proxyproto v0.6.1
 	github.com/pmezard/go-difflib v1.0.0
-	github.com/prometheus/client_golang v1.11.0
+	github.com/prometheus/client_golang v1.12.2-0.20220704083116-e8f91604d835
 	github.com/prometheus/client_model v0.2.0
 	github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac
 	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.7.1
+	github.com/stretchr/testify v1.7.5
 	github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
 	github.com/traefik/paerser v0.1.5
 	github.com/traefik/yaegi v0.13.0
@@ -73,7 +73,7 @@ require (
 	google.golang.org/grpc v1.38.0
 	gopkg.in/DataDog/dd-trace-go.v1 v1.38.1
 	gopkg.in/fsnotify.v1 v1.4.7
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.22.1
 	k8s.io/apiextensions-apiserver v0.21.3
 	k8s.io/apimachinery v0.22.1
@@ -155,7 +155,7 @@ require (
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/fvbommel/sortorder v1.0.1 // indirect
 	github.com/go-errors/errors v1.0.1 // indirect
-	github.com/go-logfmt/logfmt v0.5.0 // indirect
+	github.com/go-logfmt/logfmt v0.5.1 // indirect
 	github.com/go-logr/logr v0.4.0 // indirect
 	github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
@@ -266,8 +266,8 @@ require (
 	github.com/philhofer/fwd v1.1.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pquerna/otp v1.3.0 // indirect
-	github.com/prometheus/common v0.26.0 // indirect
-	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/prometheus/common v0.35.0 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/sacloud/libsacloud v1.36.2 // indirect
 	github.com/sanathkr/go-yaml v0.0.0-20170819195128-ed9d249f429b // indirect
 	github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
@@ -281,7 +281,7 @@ require (
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/cobra v1.2.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.3.0 // indirect
+	github.com/stretchr/objx v0.4.0 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.287 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.287 // indirect
 	github.com/theupdateframework/notary v0.6.1 // indirect
@@ -307,16 +307,16 @@ require (
 	go.uber.org/zap v1.18.1 // indirect
 	golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602 // indirect
+	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7 // indirect
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/api v0.44.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
 	gopkg.in/ns1/ns1-go.v2 v2.6.2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -686,11 +686,13 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg=
 github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
@@ -1275,8 +1277,8 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kvtools/valkeyrie v0.4.0 h1:0lfG8XpxL28YCOUmSiFsyvgTSDxEQzQOtgvZrJ3sIm8=
-github.com/kvtools/valkeyrie v0.4.0/go.mod h1:rNvw3wTLExfPgqcn+y6bpBZP8MYULZ4X1SAa2zEDg2o=
+github.com/kvtools/valkeyrie v0.4.1 h1:S0lOF4OOmPFd1i37vHmgCVr7/2ygwL4grKbHT5vGQ6M=
+github.com/kvtools/valkeyrie v0.4.1/go.mod h1:E34+bty7IqLoFkOqGD9AHDE4Bw4APJtoKmj0cqJJ7ug=
 github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28/go.mod h1:T/T7jsxVqf9k/zYOqbgNAsANsjxTd1Yq3htjDhQ1H0c=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/labbsr0x/bindman-dns-webhook v1.0.2 h1:I7ITbmQPAVwrDdhd6dHKi+MYJTJqPCK0jE6YNBAevnk=
@@ -1653,8 +1655,10 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ
 github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_golang v1.12.2-0.20220704083116-e8f91604d835 h1:sYuFGkrz0PtewSFk0Bg7p7jjiiklc6FUIWz+mFGQfD0=
+github.com/prometheus/client_golang v1.12.2-0.20220704083116-e8f91604d835/go.mod h1:RjnYTcBFM8s+WRft6oBqj4p5OgXJASPw5UFiI7w+GSs=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -1674,8 +1678,10 @@ github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+
 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.35.0 h1:Eyr+Pw2VymWejHqCugNaQXkAi6KayVNxaHeu6khmFBE=
+github.com/prometheus/common v0.35.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
@@ -1690,8 +1696,9 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/qri-io/jsonpointer v0.1.0/go.mod h1:DnJPaYgiKu56EuDp8TU5wFLdZIcAnb/uH9v37ZaMV64=
 github.com/qri-io/jsonschema v0.1.1/go.mod h1:QpzJ6gBQ0GYgGmh7mDQ1YsvvhSgE4rYj0k8t5MBOmUY=
@@ -1844,8 +1851,9 @@ github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/objx v0.3.0 h1:NGXK3lHquSN08v5vWalVI/L8XU9hdzE/G6xsrze47As=
 github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -1855,8 +1863,9 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.5 h1:s5PTfem8p8EbKQOctVV53k6jCJt3UX4IEJzwh+C324Q=
+github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 h1:XGopsea1Dw7ecQ8JscCNQXDGYAKDiWjDeXnpN/+BY9g=
 github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
@@ -2230,9 +2239,12 @@ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -2249,8 +2261,10 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602 h1:0Ja1LBD+yisY6RWM/BH7TJVXWsSjs2VwBSmvSX4HdBc=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -2389,10 +2403,12 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7 h1:8IVLkfbr2cLhv0a/vKq4UFUcJym8RmDoDboxCFWEjYE=
 golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -2656,8 +2672,9 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/DataDog/dd-trace-go.v1 v1.38.1 h1:nAKgcpJLXRHF56cKCP3bN8gTTQmmNAZFEblbyGKhKTo=
 gopkg.in/DataDog/dd-trace-go.v1 v1.38.1/go.mod h1:GBhK4yaMJ1h329ivtKAqRNe1EZ944UnZwtz5lh7CnJc=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
@@ -2729,8 +2746,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gorm.io/driver/mysql v1.0.1/go.mod h1:KtqSthtg55lFp3S5kUXqlGaelnWpKitn4k1xZTnoiPw=
 gorm.io/driver/postgres v1.0.0/go.mod h1:wtMFcOzmuA5QigNsgEIb7O5lhvH1tHAF1RbWmLWV4to=
 gorm.io/driver/sqlserver v1.0.4/go.mod h1:ciEo5btfITTBCj9BkoUVDvgQbUdLWQNqdFY5OGuGnRg=
--- a/integration/fixtures/k8s/01-traefik-crd.yml
+++ b/integration/fixtures/k8s/01-traefik-crd.yml
@@ -39,7 +39,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -56,11 +56,11 @@ spec:
                      - Rule
                      type: string
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule'
                      type: string
                    middlewares:
                      description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware'
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-middleware'
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
@@ -79,7 +79,7 @@ spec:
                      type: array
                    priority:
                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority'
+                        info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority'
                      type: integer
                    services:
                      description: Services defines the list of Service. It can contain
@@ -145,7 +145,7 @@ spec:
                            type: string
                          sticky:
                            description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                              More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
@@ -190,22 +190,25 @@ spec:
                  type: object
                type: array
              tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls'
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls'
                properties:
                  certResolver:
                    description: 'CertResolver defines the name of the certificate
                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
                    type: string
                  domains:
                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
+                          description: Main defines the main domain name.
                          type: string
                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
                          items:
                            type: string
                          type: array
@@ -214,15 +217,15 @@ spec:
                  options:
                    description: 'Options defines the reference to a TLSOption, that
                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
                    properties:
                      name:
                        description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
                        type: string
                      namespace:
                        description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
                        type: string
                    required:
                    - name
@@ -238,11 +241,11 @@ spec:
                    properties:
                      name:
                        description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
                        type: string
                      namespace:
                        description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
                        type: string
                    required:
                    - name
@@ -304,7 +307,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -315,7 +318,7 @@ spec:
                  description: RouteTCP holds the TCP route configuration.
                  properties:
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule_1'
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
@@ -338,7 +341,7 @@ spec:
                      type: array
                    priority:
                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1'
+                        info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority_1'
                      type: integer
                    services:
                      description: Services defines the list of TCP services.
@@ -363,7 +366,7 @@ spec:
                            x-kubernetes-int-or-string: true
                          proxyProtocol:
                            description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol'
+                              configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/services/#proxy-protocol'
                            properties:
                              version:
                                description: Version defines the PROXY Protocol version
@@ -394,22 +397,25 @@ spec:
                type: array
              tls:
                description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1'
+                  Route. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls_1'
                properties:
                  certResolver:
                    description: 'CertResolver defines the name of the certificate
                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
                    type: string
                  domains:
                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
+                          description: Main defines the main domain name.
                          type: string
                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
                          items:
                            type: string
                          type: array
@@ -418,7 +424,7 @@ spec:
                  options:
                    description: 'Options defines the reference to a TLSOption, that
                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
@@ -512,7 +518,7 @@ spec:
              entryPoints:
                description: 'EntryPoints defines the list of entry point names to
                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
                  Default: all.'
                items:
                  type: string
@@ -591,7 +597,7 @@ spec:
    schema:
      openAPIV3Schema:
        description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/'
+          More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/overview/'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -611,7 +617,7 @@ spec:
              addPrefix:
                description: 'AddPrefix holds the add prefix middleware configuration.
                  This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/'
+                  it. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/addprefix/'
                properties:
                  prefix:
                    description: Prefix is the string to add before the current path
@@ -621,11 +627,11 @@ spec:
              basicAuth:
                description: 'BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/'
                properties:
                  headerField:
                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
                    type: string
                  realm:
                    description: 'Realm allows the protected resources on a server
@@ -645,7 +651,7 @@ spec:
              buffering:
                description: 'Buffering holds the buffering middleware configuration.
                  This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes'
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#maxrequestbodybytes'
                properties:
                  maxRequestBodyBytes:
                    description: 'MaxRequestBodyBytes defines the maximum allowed
@@ -678,13 +684,13 @@ spec:
                  retryExpression:
                    description: 'RetryExpression defines the retry conditions. It
                      is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression'
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#retryexpression'
                    type: string
                type: object
              chain:
                description: 'Chain holds the configuration of the chain middleware.
                  This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/'
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/chain/'
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
@@ -738,7 +744,7 @@ spec:
              compress:
                description: 'Compress holds the compress middleware configuration.
                  This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/'
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/compress/'
                properties:
                  excludedContentTypes:
                    description: ExcludedContentTypes defines the list of content
@@ -772,11 +778,11 @@ spec:
              digestAuth:
                description: 'DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/digestauth/'
                properties:
                  headerField:
                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
                    type: string
                  realm:
                    description: 'Realm allows the protected resources on a server
@@ -795,7 +801,7 @@ spec:
              errors:
                description: 'ErrorPage holds the custom error middleware configuration.
                  This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/'
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/'
                properties:
                  query:
                    description: Query defines the URL for the error page (hosted
@@ -804,7 +810,7 @@ spec:
                    type: string
                  service:
                    description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service'
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/#service'
                    properties:
                      kind:
                        description: Kind defines the kind of the Service.
@@ -861,7 +867,7 @@ spec:
                        type: string
                      sticky:
                        description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                          More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
@@ -910,7 +916,7 @@ spec:
              forwardAuth:
                description: 'ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/'
                properties:
                  address:
                    description: Address defines the authentication server address.
@@ -933,7 +939,7 @@ spec:
                    description: 'AuthResponseHeadersRegex defines the regex to match
                      headers to copy from the authentication server response and
                      set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex'
+                      the regex. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/#authresponseheadersregex'
                    type: string
                  tls:
                    description: TLS defines the configuration used to secure the
@@ -964,7 +970,7 @@ spec:
              headers:
                description: 'Headers holds the headers middleware configuration.
                  This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders'
+                  info: https://doc.traefik.io/traefik/v2.8/middlewares/http/headers/#customrequestheaders'
                properties:
                  accessControlAllowCredentials:
                    description: AccessControlAllowCredentials defines whether the
@@ -1125,7 +1131,7 @@ spec:
              inFlightReq:
                description: 'InFlightReq holds the in-flight request middleware configuration.
                  This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/'
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/'
                properties:
                  amount:
                    description: Amount defines the maximum amount of allowed simultaneous
@@ -1139,11 +1145,11 @@ spec:
                      group requests as originating from a common source. If several
                      strategies are defined at the same time, an error will be raised.
                      If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion'
+                      info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/#sourcecriterion'
                    properties:
                      ipStrategy:
                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -1171,11 +1177,11 @@ spec:
              ipWhiteList:
                description: 'IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/'
                properties:
                  ipStrategy:
                    description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                    properties:
                      depth:
                        description: Depth tells Traefik to use the X-Forwarded-For
@@ -1199,7 +1205,7 @@ spec:
              passTLSClientCert:
                description: 'PassTLSClientCert holds the pass TLS client cert middleware
                  configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/'
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/passtlsclientcert/'
                properties:
                  info:
                    description: Info selects the specific client certificate details
@@ -1300,11 +1306,13 @@ spec:
              plugin:
                additionalProperties:
                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
                type: object
              rateLimit:
                description: 'RateLimit holds the rate limit configuration. This middleware
                  ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/'
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ratelimit/'
                properties:
                  average:
                    description: Average is the maximum rate, by default in requests/s,
@@ -1337,7 +1345,7 @@ spec:
                    properties:
                      ipStrategy:
                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -1365,7 +1373,7 @@ spec:
              redirectRegex:
                description: 'RedirectRegex holds the redirect regex middleware configuration.
                  This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectregex/#regex'
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -1383,7 +1391,7 @@ spec:
              redirectScheme:
                description: 'RedirectScheme holds the redirect scheme middleware
                  configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/'
+                  to another. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectscheme/'
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -1399,7 +1407,7 @@ spec:
              replacePath:
                description: 'ReplacePath holds the replace path middleware configuration.
                  This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/'
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepath/'
                properties:
                  path:
                    description: Path defines the path to use as replacement in the
@@ -1409,7 +1417,7 @@ spec:
              replacePathRegex:
                description: 'ReplacePathRegex holds the replace path regex middleware
                  configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/'
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepathregex/'
                properties:
                  regex:
                    description: Regex defines the regular expression used to match
@@ -1425,7 +1433,7 @@ spec:
                  middleware reissues requests a given number of times to a backend
                  server if that server does not reply. As soon as the server answers,
                  the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/retry/'
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
@@ -1445,7 +1453,7 @@ spec:
              stripPrefix:
                description: 'StripPrefix holds the strip prefix middleware configuration.
                  This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefix/'
                properties:
                  forceSlash:
                    description: 'ForceSlash ensures that the resulting stripped path
@@ -1462,7 +1470,7 @@ spec:
              stripPrefixRegex:
                description: 'StripPrefixRegex holds the strip prefix regex middleware
                  configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/'
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefixregex/'
                properties:
                  regex:
                    description: Regex defines the regular expression to match the
@@ -1506,7 +1514,7 @@ spec:
    schema:
      openAPIV3Schema:
        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/'
+          More info: https://doc.traefik.io/traefik/v2.8/middlewares/overview/'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1580,7 +1588,7 @@ spec:
        description: 'ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.8/routing/services/#serverstransport_1'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1707,7 +1715,7 @@ spec:
      openAPIV3Schema:
        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
          allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+          https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1727,13 +1735,13 @@ spec:
              alpnProtocols:
                description: 'ALPNProtocols defines the list of supported application
                  level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols'
+                  info: https://doc.traefik.io/traefik/v2.8/https/tls/#alpn-protocols'
                items:
                  type: string
                type: array
              cipherSuites:
                description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites'
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#cipher-suites'
                items:
                  type: string
                type: array
@@ -1760,7 +1768,7 @@ spec:
                type: object
              curvePreferences:
                description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences'
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#curve-preferences'
                items:
                  type: string
                type: array
@@ -1820,7 +1828,7 @@ spec:
        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
          the time being, only the TLSStore named default is supported. This means
          that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores'
+          namespaces. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#certificates-stores'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1897,7 +1905,7 @@ spec:
      openAPIV3Schema:
        description: 'TraefikService is the CRD implementation of a Traefik Service.
          TraefikService object allows to:  - Apply weight to Services on load-balancing  -
-          Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice'
+          Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-traefikservice'
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -1996,7 +2004,7 @@ spec:
                          type: string
                        sticky:
                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -2080,7 +2088,7 @@ spec:
                    type: string
                  sticky:
                    description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                      More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
@@ -2180,7 +2188,7 @@ spec:
                          type: string
                        sticky:
                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -2219,7 +2227,7 @@ spec:
                    type: array
                  sticky:
                    description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                      More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@@ -55,7 +55,7 @@ type ContentType struct {

 // AddPrefix holds the add prefix middleware configuration.
 // This middleware updates the path of a request before forwarding it.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/addprefix/
 type AddPrefix struct {
 	// Prefix is the string to add before the current path in the requested URL.
 	// It should include a leading slash (/).
@@ -66,7 +66,7 @@ type AddPrefix struct {

 // BasicAuth holds the basic auth middleware configuration.
 // This middleware restricts access to your services to known users.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/
 type BasicAuth struct {
 	// Users is an array of authorized users.
 	// Each user must be declared using the name:hashed-password format.
@@ -81,7 +81,7 @@ type BasicAuth struct {
 	// Default: false.
 	RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
 	// HeaderField defines a header field to store the authenticated user.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield
 	HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
 }

@@ -89,7 +89,7 @@ type BasicAuth struct {

 // Buffering holds the buffering middleware configuration.
 // This middleware retries or limits the size of requests that can be forwarded to backends.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#maxrequestbodybytes
 type Buffering struct {
 	// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
 	// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
@@ -107,7 +107,7 @@ type Buffering struct {
 	MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
 	// RetryExpression defines the retry conditions.
 	// It is a logical combination of functions with operators AND (&&) and OR (||).
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#retryexpression
 	RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
 }

@@ -124,7 +124,7 @@ type Chain struct {

 // CircuitBreaker holds the circuit breaker middleware configuration.
 // This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/circuitbreaker/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/circuitbreaker/
 type CircuitBreaker struct {
 	// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
 	Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
@@ -147,7 +147,7 @@ func (c *CircuitBreaker) SetDefaults() {

 // Compress holds the compress middleware configuration.
 // This middleware compresses responses before sending them to the client, using gzip compression.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/compress/
 type Compress struct {
 	// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
 	ExcludedContentTypes []string `json:"excludedContentTypes,omitempty" toml:"excludedContentTypes,omitempty" yaml:"excludedContentTypes,omitempty" export:"true"`
@@ -160,7 +160,7 @@ type Compress struct {

 // DigestAuth holds the digest auth middleware configuration.
 // This middleware restricts access to your services to known users.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/digestauth/
 type DigestAuth struct {
 	// Users defines the authorized users.
 	// Each user should be declared using the name:realm:encoded-password format.
@@ -173,7 +173,7 @@ type DigestAuth struct {
 	// Default: traefik.
 	Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
 	// HeaderField defines a header field to store the authenticated user.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield
 	HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
 }

@@ -199,7 +199,7 @@ type ErrorPage struct {

 // ForwardAuth holds the forward auth middleware configuration.
 // This middleware delegates the request authentication to a Service.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/
 type ForwardAuth struct {
 	// Address defines the authentication server address.
 	Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
@@ -210,7 +210,7 @@ type ForwardAuth struct {
 	// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
 	AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
 	// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/#authresponseheadersregex
 	AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
 	// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
 	// If not set or empty then all request headers are passed.
@@ -221,7 +221,7 @@ type ForwardAuth struct {

 // Headers holds the headers middleware configuration.
 // This middleware manages the requests and responses headers.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/headers/#customrequestheaders
 type Headers struct {
 	// CustomRequestHeaders defines the header names and values to apply to the request.
 	CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
@@ -346,7 +346,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
 // +k8s:deepcopy-gen=true

 // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy
 type IPStrategy struct {
 	// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
 	Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@@ -387,7 +387,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {

 // IPWhiteList holds the IP whitelist middleware configuration.
 // This middleware accepts / refuses requests based on the client IP.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/
 type IPWhiteList struct {
 	// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
 	SourceRange []string    `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
@@ -398,7 +398,7 @@ type IPWhiteList struct {

 // InFlightReq holds the in-flight request middleware configuration.
 // This middleware limits the number of requests being processed and served concurrently.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/
 type InFlightReq struct {
 	// Amount defines the maximum amount of allowed simultaneous in-flight request.
 	// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
@@ -406,7 +406,7 @@ type InFlightReq struct {
 	// SourceCriterion defines what criterion is used to group requests as originating from a common source.
 	// If several strategies are defined at the same time, an error will be raised.
 	// If none are set, the default is to use the requestHost.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/#sourcecriterion
 	SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
 }

@@ -414,7 +414,7 @@ type InFlightReq struct {

 // PassTLSClientCert holds the pass TLS client cert middleware configuration.
 // This middleware adds the selected data from the passed client TLS certificate to a header.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/passtlsclientcert/
 type PassTLSClientCert struct {
 	// PEM sets the X-Forwarded-Tls-Client-Cert header with the escaped certificate.
 	PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
@@ -470,7 +470,7 @@ func (r *RateLimit) SetDefaults() {

 // RedirectRegex holds the redirect regex middleware configuration.
 // This middleware redirects a request using regex matching and replacement.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectregex/#regex
 type RedirectRegex struct {
 	// Regex defines the regex used to match and capture elements from the request URL.
 	Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
@@ -484,7 +484,7 @@ type RedirectRegex struct {

 // RedirectScheme holds the redirect scheme middleware configuration.
 // This middleware redirects requests from a scheme/port to another.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectscheme/
 type RedirectScheme struct {
 	// Scheme defines the scheme of the new URL.
 	Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
@@ -498,7 +498,7 @@ type RedirectScheme struct {

 // ReplacePath holds the replace path middleware configuration.
 // This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepath/
 type ReplacePath struct {
 	// Path defines the path to use as replacement in the request URL.
 	Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
@@ -508,7 +508,7 @@ type ReplacePath struct {

 // ReplacePathRegex holds the replace path regex middleware configuration.
 // This middleware replaces the path of a URL using regex matching and replacement.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepathregex/
 type ReplacePathRegex struct {
 	// Regex defines the regular expression used to match and capture the path from the request URL.
 	Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
@@ -521,7 +521,7 @@ type ReplacePathRegex struct {
 // Retry holds the retry middleware configuration.
 // This middleware reissues requests a given number of times to a backend server if that server does not reply.
 // As soon as the server answers, the middleware stops retrying, regardless of the response status.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/retry/
 type Retry struct {
 	// Attempts defines how many times the request should be retried.
 	Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
@@ -537,7 +537,7 @@ type Retry struct {

 // StripPrefix holds the strip prefix middleware configuration.
 // This middleware removes the specified prefixes from the URL path.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefix/
 type StripPrefix struct {
 	// Prefixes defines the prefixes to strip from the request URL.
 	Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
@@ -555,7 +555,7 @@ func (s *StripPrefix) SetDefaults() {

 // StripPrefixRegex holds the strip prefix regex middleware configuration.
 // This middleware removes the matching prefixes from the URL path.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefixregex/
 type StripPrefixRegex struct {
 	// Regex defines the regular expression to match the path prefix from the request URL.
 	Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
--- a/pkg/config/dynamic/tcp_config.go
+++ b/pkg/config/dynamic/tcp_config.go
@@ -114,7 +114,7 @@ type TCPServer struct {
 // +k8s:deepcopy-gen=true

 // ProxyProtocol holds the PROXY Protocol configuration.
-// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol
+// More info: https://doc.traefik.io/traefik/v2.8/routing/services/#proxy-protocol
 type ProxyProtocol struct {
 	// Version defines the PROXY Protocol version to use.
 	Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
--- a/pkg/config/dynamic/tcp_middlewares.go
+++ b/pkg/config/dynamic/tcp_middlewares.go
@@ -13,7 +13,7 @@ type TCPMiddleware struct {
 // TCPInFlightConn holds the TCP InFlightConn middleware configuration.
 // This middleware prevents services from being overwhelmed with high load,
 // by limiting the number of allowed simultaneous connections for one IP.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/tcp/inflightconn/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/tcp/inflightconn/
 type TCPInFlightConn struct {
 	// Amount defines the maximum amount of allowed simultaneous connections.
 	// The middleware closes the connection if there are already amount connections opened.
--- a/pkg/metrics/datadog.go
+++ b/pkg/metrics/datadog.go
@@ -12,8 +12,8 @@ import (
 )

 var (
-	datadogClient *dogstatsd.Dogstatsd
-	datadogTicker *time.Ticker
+	datadogClient         *dogstatsd.Dogstatsd
+	datadogLoopCancelFunc context.CancelFunc
 )

 // Metric names consistent with https://github.com/DataDog/integrations-extras/pull/64
@@ -44,6 +44,9 @@ const (

 // RegisterDatadog registers the metrics pusher if this didn't happen yet and creates a datadog Registry instance.
 func RegisterDatadog(ctx context.Context, config *types.Datadog) Registry {
+	// Ensures there is only one DataDog client sending metrics at any given time.
+	StopDatadog()
+
 	// just to be sure there is a prefix defined
 	if config.Prefix == "" {
 		config.Prefix = defaultMetricsPrefix
@@ -54,9 +57,7 @@ func RegisterDatadog(ctx context.Context, config *types.Datadog) Registry {
 		return nil
 	}))

-	if datadogTicker == nil {
-		datadogTicker = initDatadogClient(ctx, config)
-	}
+	initDatadogClient(ctx, config)

 	registry := &standardRegistry{
 		configReloadsCounter:           datadogClient.NewCounter(ddConfigReloadsName, 1.0),
@@ -95,25 +96,26 @@ func RegisterDatadog(ctx context.Context, config *types.Datadog) Registry {
 	return registry
 }

-func initDatadogClient(ctx context.Context, config *types.Datadog) *time.Ticker {
+func initDatadogClient(ctx context.Context, config *types.Datadog) {
 	address := config.Address
 	if len(address) == 0 {
 		address = "localhost:8125"
 	}

-	report := time.NewTicker(time.Duration(config.PushInterval))
+	ctx, datadogLoopCancelFunc = context.WithCancel(ctx)

 	safe.Go(func() {
-		datadogClient.SendLoop(ctx, report.C, "udp", address)
+		ticker := time.NewTicker(time.Duration(config.PushInterval))
+		defer ticker.Stop()
+
+		datadogClient.SendLoop(ctx, ticker.C, "udp", address)
 	})
-
-	return report
 }

-// StopDatadog stops internal datadogTicker which controls the pushing of metrics to DD Agent and resets it to `nil`.
+// StopDatadog stops the Datadog metrics pusher.
 func StopDatadog() {
-	if datadogTicker != nil {
-		datadogTicker.Stop()
+	if datadogLoopCancelFunc != nil {
+		datadogLoopCancelFunc()
+		datadogLoopCancelFunc = nil
 	}
-	datadogTicker = nil
 }
--- a/pkg/metrics/prometheus.go
+++ b/pkg/metrics/prometheus.go
@@ -4,8 +4,6 @@ import (
 	"context"
 	"errors"
 	"net/http"
-	"sort"
-	"strings"
 	"sync"
 	"time"

@@ -15,7 +13,6 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/traefik/traefik/v2/pkg/config/dynamic"
 	"github.com/traefik/traefik/v2/pkg/log"
-	"github.com/traefik/traefik/v2/pkg/safe"
 	"github.com/traefik/traefik/v2/pkg/types"
 )

@@ -111,37 +108,33 @@ func initStandardRegistry(config *types.Prometheus) Registry {
 		buckets = config.Buckets
 	}

-	safe.Go(func() {
-		promState.ListenValueUpdates()
-	})
-
-	configReloads := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+	configReloads := newCounterFrom(stdprometheus.CounterOpts{
 		Name: configReloadsTotalName,
 		Help: "Config reloads",
 	}, []string{})
-	configReloadsFailures := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+	configReloadsFailures := newCounterFrom(stdprometheus.CounterOpts{
 		Name: configReloadsFailuresTotalName,
 		Help: "Config failure reloads",
 	}, []string{})
-	lastConfigReloadSuccess := newGaugeFrom(promState.collectors, stdprometheus.GaugeOpts{
+	lastConfigReloadSuccess := newGaugeFrom(stdprometheus.GaugeOpts{
 		Name: configLastReloadSuccessName,
 		Help: "Last config reload success",
 	}, []string{})
-	lastConfigReloadFailure := newGaugeFrom(promState.collectors, stdprometheus.GaugeOpts{
+	lastConfigReloadFailure := newGaugeFrom(stdprometheus.GaugeOpts{
 		Name: configLastReloadFailureName,
 		Help: "Last config reload failure",
 	}, []string{})
-	tlsCertsNotAfterTimestamp := newGaugeFrom(promState.collectors, stdprometheus.GaugeOpts{
+	tlsCertsNotAfterTimestamp := newGaugeFrom(stdprometheus.GaugeOpts{
 		Name: tlsCertsNotAfterTimestamp,
 		Help: "Certificate expiration timestamp",
 	}, []string{"cn", "serial", "sans"})

-	promState.describers = []func(chan<- *stdprometheus.Desc){
-		configReloads.cv.Describe,
-		configReloadsFailures.cv.Describe,
-		lastConfigReloadSuccess.gv.Describe,
-		lastConfigReloadFailure.gv.Describe,
-		tlsCertsNotAfterTimestamp.gv.Describe,
+	promState.vectors = []vector{
+		configReloads.cv,
+		configReloadsFailures.cv,
+		lastConfigReloadSuccess.gv,
+		lastConfigReloadFailure.gv,
+		tlsCertsNotAfterTimestamp.gv,
 	}

 	reg := &standardRegistry{
@@ -156,30 +149,30 @@ func initStandardRegistry(config *types.Prometheus) Registry {
 	}

 	if config.AddEntryPointsLabels {
-		entryPointReqs := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+		entryPointReqs := newCounterFrom(stdprometheus.CounterOpts{
 			Name: entryPointReqsTotalName,
 			Help: "How many HTTP requests processed on an entrypoint, partitioned by status code, protocol, and method.",
 		}, []string{"code", "method", "protocol", "entrypoint"})
-		entryPointReqsTLS := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+		entryPointReqsTLS := newCounterFrom(stdprometheus.CounterOpts{
 			Name: entryPointReqsTLSTotalName,
 			Help: "How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS Version and TLS cipher Used.",
 		}, []string{"tls_version", "tls_cipher", "entrypoint"})
-		entryPointReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
+		entryPointReqDurations := newHistogramFrom(stdprometheus.HistogramOpts{
 			Name:    entryPointReqDurationName,
 			Help:    "How long it took to process the request on an entrypoint, partitioned by status code, protocol, and method.",
 			Buckets: buckets,
 		}, []string{"code", "method", "protocol", "entrypoint"})
-		entryPointOpenConns := newGaugeFrom(promState.collectors, stdprometheus.GaugeOpts{
+		entryPointOpenConns := newGaugeFrom(stdprometheus.GaugeOpts{
 			Name: entryPointOpenConnsName,
 			Help: "How many open connections exist on an entrypoint, partitioned by method and protocol.",
 		}, []string{"method", "protocol", "entrypoint"})

-		promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
-			entryPointReqs.cv.Describe,
-			entryPointReqsTLS.cv.Describe,
-			entryPointReqDurations.hv.Describe,
-			entryPointOpenConns.gv.Describe,
-		}...)
+		promState.vectors = append(promState.vectors,
+			entryPointReqs.cv,
+			entryPointReqsTLS.cv,
+			entryPointReqDurations.hv,
+			entryPointOpenConns.gv,
+		)

 		reg.entryPointReqsCounter = entryPointReqs
 		reg.entryPointReqsTLSCounter = entryPointReqsTLS
@@ -188,30 +181,30 @@ func initStandardRegistry(config *types.Prometheus) Registry {
 	}

 	if config.AddRoutersLabels {
-		routerReqs := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+		routerReqs := newCounterFrom(stdprometheus.CounterOpts{
 			Name: routerReqsTotalName,
 			Help: "How many HTTP requests are processed on a router, partitioned by service, status code, protocol, and method.",
 		}, []string{"code", "method", "protocol", "router", "service"})
-		routerReqsTLS := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+		routerReqsTLS := newCounterFrom(stdprometheus.CounterOpts{
 			Name: routerReqsTLSTotalName,
 			Help: "How many HTTP requests with TLS are processed on a router, partitioned by service, TLS Version, and TLS cipher Used.",
 		}, []string{"tls_version", "tls_cipher", "router", "service"})
-		routerReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
+		routerReqDurations := newHistogramFrom(stdprometheus.HistogramOpts{
 			Name:    routerReqDurationName,
 			Help:    "How long it took to process the request on a router, partitioned by service, status code, protocol, and method.",
 			Buckets: buckets,
 		}, []string{"code", "method", "protocol", "router", "service"})
-		routerOpenConns := newGaugeFrom(promState.collectors, stdprometheus.GaugeOpts{
+		routerOpenConns := newGaugeFrom(stdprometheus.GaugeOpts{
 			Name: routerOpenConnsName,
 			Help: "How many open connections exist on a router, partitioned by service, method, and protocol.",
 		}, []string{"method", "protocol", "router", "service"})

-		promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
-			routerReqs.cv.Describe,
-			routerReqsTLS.cv.Describe,
-			routerReqDurations.hv.Describe,
-			routerOpenConns.gv.Describe,
-		}...)
+		promState.vectors = append(promState.vectors,
+			routerReqs.cv,
+			routerReqsTLS.cv,
+			routerReqDurations.hv,
+			routerOpenConns.gv,
+		)
 		reg.routerReqsCounter = routerReqs
 		reg.routerReqsTLSCounter = routerReqsTLS
 		reg.routerReqDurationHistogram, _ = NewHistogramWithScale(routerReqDurations, time.Second)
@@ -219,40 +212,40 @@ func initStandardRegistry(config *types.Prometheus) Registry {
 	}

 	if config.AddServicesLabels {
-		serviceReqs := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+		serviceReqs := newCounterFrom(stdprometheus.CounterOpts{
 			Name: serviceReqsTotalName,
 			Help: "How many HTTP requests processed on a service, partitioned by status code, protocol, and method.",
 		}, []string{"code", "method", "protocol", "service"})
-		serviceReqsTLS := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+		serviceReqsTLS := newCounterFrom(stdprometheus.CounterOpts{
 			Name: serviceReqsTLSTotalName,
 			Help: "How many HTTP requests with TLS processed on a service, partitioned by TLS version and TLS cipher.",
 		}, []string{"tls_version", "tls_cipher", "service"})
-		serviceReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
+		serviceReqDurations := newHistogramFrom(stdprometheus.HistogramOpts{
 			Name:    serviceReqDurationName,
 			Help:    "How long it took to process the request on a service, partitioned by status code, protocol, and method.",
 			Buckets: buckets,
 		}, []string{"code", "method", "protocol", "service"})
-		serviceOpenConns := newGaugeFrom(promState.collectors, stdprometheus.GaugeOpts{
+		serviceOpenConns := newGaugeFrom(stdprometheus.GaugeOpts{
 			Name: serviceOpenConnsName,
 			Help: "How many open connections exist on a service, partitioned by method and protocol.",
 		}, []string{"method", "protocol", "service"})
-		serviceRetries := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
+		serviceRetries := newCounterFrom(stdprometheus.CounterOpts{
 			Name: serviceRetriesTotalName,
 			Help: "How many request retries happened on a service.",
 		}, []string{"service"})
-		serviceServerUp := newGaugeFrom(promState.collectors, stdprometheus.GaugeOpts{
+		serviceServerUp := newGaugeFrom(stdprometheus.GaugeOpts{
 			Name: serviceServerUpName,
 			Help: "service server is up, described by gauge value of 0 or 1.",
 		}, []string{"service", "url"})

-		promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
-			serviceReqs.cv.Describe,
-			serviceReqsTLS.cv.Describe,
-			serviceReqDurations.hv.Describe,
-			serviceOpenConns.gv.Describe,
-			serviceRetries.cv.Describe,
-			serviceServerUp.gv.Describe,
-		}...)
+		promState.vectors = append(promState.vectors,
+			serviceReqs.cv,
+			serviceReqsTLS.cv,
+			serviceReqDurations.hv,
+			serviceOpenConns.gv,
+			serviceRetries.cv,
+			serviceServerUp.gv,
+		)

 		reg.serviceReqsCounter = serviceReqs
 		reg.serviceReqsTLSCounter = serviceReqsTLS
@@ -287,64 +280,93 @@ func registerPromState(ctx context.Context) bool {
 // It then converts the configuration to the optimized package internal format
 // and sets it to the promState.
 func OnConfigurationUpdate(conf dynamic.Configuration, entryPoints []string) {
-	dynamicConfig := newDynamicConfig()
+	dynCfg := newDynamicConfig()

 	for _, value := range entryPoints {
-		dynamicConfig.entryPoints[value] = true
+		dynCfg.entryPoints[value] = true
+	}
+
+	if conf.HTTP == nil {
+		promState.SetDynamicConfig(dynCfg)
+		return
 	}

 	for name := range conf.HTTP.Routers {
-		dynamicConfig.routers[name] = true
+		dynCfg.routers[name] = true
 	}

 	for serviceName, service := range conf.HTTP.Services {
-		dynamicConfig.services[serviceName] = make(map[string]bool)
+		dynCfg.services[serviceName] = make(map[string]bool)
 		if service.LoadBalancer != nil {
 			for _, server := range service.LoadBalancer.Servers {
-				dynamicConfig.services[serviceName][server.URL] = true
+				dynCfg.services[serviceName][server.URL] = true
 			}
 		}
 	}

-	promState.SetDynamicConfig(dynamicConfig)
+	promState.SetDynamicConfig(dynCfg)
 }

 func newPrometheusState() *prometheusState {
 	return &prometheusState{
-		collectors:    make(chan *collector),
 		dynamicConfig: newDynamicConfig(),
-		state:         make(map[string]*collector),
+		deletedURLs:   make(map[string]string),
 	}
 }

-type prometheusState struct {
-	collectors chan *collector
-	describers []func(ch chan<- *stdprometheus.Desc)
+type vector interface {
+	stdprometheus.Collector
+	DeletePartialMatch(labels stdprometheus.Labels) int
+}

-	mtx           sync.Mutex
-	dynamicConfig *dynamicConfig
-	state         map[string]*collector
+type prometheusState struct {
+	vectors []vector
+
+	mtx             sync.Mutex
+	dynamicConfig   *dynamicConfig
+	deletedEP       []string
+	deletedRouters  []string
+	deletedServices []string
+	deletedURLs     map[string]string
 }

 func (ps *prometheusState) SetDynamicConfig(dynamicConfig *dynamicConfig) {
 	ps.mtx.Lock()
 	defer ps.mtx.Unlock()
-	ps.dynamicConfig = dynamicConfig
-}

-func (ps *prometheusState) ListenValueUpdates() {
-	for collector := range ps.collectors {
-		ps.mtx.Lock()
-		ps.state[collector.id] = collector
-		ps.mtx.Unlock()
+	for ep := range ps.dynamicConfig.entryPoints {
+		if _, ok := dynamicConfig.entryPoints[ep]; !ok {
+			ps.deletedEP = append(ps.deletedEP, ep)
+		}
 	}
+
+	for router := range ps.dynamicConfig.routers {
+		if _, ok := dynamicConfig.routers[router]; !ok {
+			ps.deletedRouters = append(ps.deletedRouters, router)
+		}
+	}
+
+	for service, serV := range ps.dynamicConfig.services {
+		actualService, ok := dynamicConfig.services[service]
+		if !ok {
+			ps.deletedServices = append(ps.deletedServices, service)
+			continue
+		}
+		for url := range serV {
+			if _, ok := actualService[url]; !ok {
+				ps.deletedURLs[service] = url
+			}
+		}
+	}
+
+	ps.dynamicConfig = dynamicConfig
 }

 // Describe implements prometheus.Collector and simply calls
 // the registered describer functions.
 func (ps *prometheusState) Describe(ch chan<- *stdprometheus.Desc) {
-	for _, desc := range ps.describers {
-		desc(ch)
+	for _, v := range ps.vectors {
+		v.Describe(ch)
 	}
 }

@@ -354,49 +376,52 @@ func (ps *prometheusState) Describe(ch chan<- *stdprometheus.Desc) {
 // The removal happens only after their Collect method was called to ensure that
 // also those metrics will be exported on the current scrape.
 func (ps *prometheusState) Collect(ch chan<- stdprometheus.Metric) {
+	for _, v := range ps.vectors {
+		v.Collect(ch)
+	}
+
 	ps.mtx.Lock()
 	defer ps.mtx.Unlock()

-	var outdatedKeys []string
-	for key, cs := range ps.state {
-		cs.collector.Collect(ch)
-
-		if ps.isOutdated(cs) {
-			outdatedKeys = append(outdatedKeys, key)
+	for _, ep := range ps.deletedEP {
+		if !ps.dynamicConfig.hasEntryPoint(ep) {
+			ps.DeletePartialMatch(map[string]string{"entrypoint": ep})
 		}
 	}

-	for _, key := range outdatedKeys {
-		ps.state[key].delete()
-		delete(ps.state, key)
+	for _, router := range ps.deletedRouters {
+		if !ps.dynamicConfig.hasRouter(router) {
+			ps.DeletePartialMatch(map[string]string{"router": router})
+		}
 	}
+
+	for _, service := range ps.deletedServices {
+		if !ps.dynamicConfig.hasService(service) {
+			ps.DeletePartialMatch(map[string]string{"service": service})
+		}
+	}
+
+	for service, url := range ps.deletedURLs {
+		if !ps.dynamicConfig.hasServerURL(service, url) {
+			ps.DeletePartialMatch(map[string]string{"service": service, "url": url})
+		}
+	}
+
+	ps.deletedEP = nil
+	ps.deletedRouters = nil
+	ps.deletedServices = nil
+	ps.deletedURLs = make(map[string]string)
 }

-// isOutdated checks whether the passed collector has labels that mark
-// it as belonging to an outdated configuration of Traefik.
-func (ps *prometheusState) isOutdated(collector *collector) bool {
-	labels := collector.labels
-
-	if entrypointName, ok := labels["entrypoint"]; ok && !ps.dynamicConfig.hasEntryPoint(entrypointName) {
-		return true
+// DeletePartialMatch deletes all metrics where the variable labels contain all of those passed in as labels.
+// The order of the labels does not matter.
+// It returns the number of metrics deleted.
+func (ps *prometheusState) DeletePartialMatch(labels stdprometheus.Labels) int {
+	var count int
+	for _, elem := range ps.vectors {
+		count += elem.DeletePartialMatch(labels)
 	}
-
-	if routerName, ok := labels["router"]; ok {
-		if !ps.dynamicConfig.hasRouter(routerName) {
-			return true
-		}
-	}
-
-	if serviceName, ok := labels["service"]; ok {
-		if !ps.dynamicConfig.hasService(serviceName) {
-			return true
-		}
-		if url, ok := labels["url"]; ok && !ps.dynamicConfig.hasServerURL(serviceName, url) {
-			return true
-		}
-	}
-
-	return false
+	return count
 }

 func newDynamicConfig() *dynamicConfig {
@@ -440,42 +465,15 @@ func (d *dynamicConfig) hasServerURL(serviceName, serverURL string) bool {
 	return false
 }

-func newCollector(metricName string, labels stdprometheus.Labels, c stdprometheus.Collector, deleteFn func()) *collector {
-	return &collector{
-		id:        buildMetricID(metricName, labels),
-		labels:    labels,
-		collector: c,
-		delete:    deleteFn,
-	}
-}
-
-// collector wraps a Collector object from the Prometheus client library.
-// It adds information on how many generations this metric should be present
-// in the /metrics output, relative to the time it was last tracked.
-type collector struct {
-	id        string
-	labels    stdprometheus.Labels
-	collector stdprometheus.Collector
-	delete    func()
-}
-
-func buildMetricID(metricName string, labels stdprometheus.Labels) string {
-	var labelNamesValues []string
-	for name, value := range labels {
-		labelNamesValues = append(labelNamesValues, name, value)
-	}
-	sort.Strings(labelNamesValues)
-	return metricName + ":" + strings.Join(labelNamesValues, "|")
-}
-
-func newCounterFrom(collectors chan<- *collector, opts stdprometheus.CounterOpts, labelNames []string) *counter {
+func newCounterFrom(opts stdprometheus.CounterOpts, labelNames []string) *counter {
 	cv := stdprometheus.NewCounterVec(opts, labelNames)
 	c := &counter{
-		name:       opts.Name,
-		cv:         cv,
-		collectors: collectors,
+		name:             opts.Name,
+		cv:               cv,
+		labelNamesValues: make([]string, 0, 16),
 	}
 	if len(labelNames) == 0 {
+		c.collector = cv.WithLabelValues()
 		c.Add(0)
 	}
 	return c
@@ -485,39 +483,37 @@ type counter struct {
 	name             string
 	cv               *stdprometheus.CounterVec
 	labelNamesValues labelNamesValues
-	collectors       chan<- *collector
+	collector        stdprometheus.Counter
 }

 func (c *counter) With(labelValues ...string) metrics.Counter {
+	lnv := c.labelNamesValues.With(labelValues...)
 	return &counter{
 		name:             c.name,
 		cv:               c.cv,
-		labelNamesValues: c.labelNamesValues.With(labelValues...),
-		collectors:       c.collectors,
+		labelNamesValues: lnv,
+		collector:        c.cv.With(lnv.ToLabels()),
 	}
 }

 func (c *counter) Add(delta float64) {
-	labels := c.labelNamesValues.ToLabels()
-	collector := c.cv.With(labels)
-	collector.Add(delta)
-	c.collectors <- newCollector(c.name, labels, collector, func() {
-		c.cv.Delete(labels)
-	})
+	c.collector.Add(delta)
 }

 func (c *counter) Describe(ch chan<- *stdprometheus.Desc) {
 	c.cv.Describe(ch)
 }

-func newGaugeFrom(collectors chan<- *collector, opts stdprometheus.GaugeOpts, labelNames []string) *gauge {
+func newGaugeFrom(opts stdprometheus.GaugeOpts, labelNames []string) *gauge {
 	gv := stdprometheus.NewGaugeVec(opts, labelNames)
 	g := &gauge{
-		name:       opts.Name,
-		gv:         gv,
-		collectors: collectors,
+		name:             opts.Name,
+		gv:               gv,
+		labelNamesValues: make([]string, 0, 16),
 	}
+
 	if len(labelNames) == 0 {
+		g.collector = gv.WithLabelValues()
 		g.Set(0)
 	}
 	return g
@@ -527,46 +523,37 @@ type gauge struct {
 	name             string
 	gv               *stdprometheus.GaugeVec
 	labelNamesValues labelNamesValues
-	collectors       chan<- *collector
+	collector        stdprometheus.Gauge
 }

 func (g *gauge) With(labelValues ...string) metrics.Gauge {
+	lnv := g.labelNamesValues.With(labelValues...)
 	return &gauge{
 		name:             g.name,
 		gv:               g.gv,
-		labelNamesValues: g.labelNamesValues.With(labelValues...),
-		collectors:       g.collectors,
+		labelNamesValues: lnv,
+		collector:        g.gv.With(lnv.ToLabels()),
 	}
 }

 func (g *gauge) Add(delta float64) {
-	labels := g.labelNamesValues.ToLabels()
-	collector := g.gv.With(labels)
-	collector.Add(delta)
-	g.collectors <- newCollector(g.name, labels, collector, func() {
-		g.gv.Delete(labels)
-	})
+	g.collector.Add(delta)
 }

 func (g *gauge) Set(value float64) {
-	labels := g.labelNamesValues.ToLabels()
-	collector := g.gv.With(labels)
-	collector.Set(value)
-	g.collectors <- newCollector(g.name, labels, collector, func() {
-		g.gv.Delete(labels)
-	})
+	g.collector.Set(value)
 }

 func (g *gauge) Describe(ch chan<- *stdprometheus.Desc) {
 	g.gv.Describe(ch)
 }

-func newHistogramFrom(collectors chan<- *collector, opts stdprometheus.HistogramOpts, labelNames []string) *histogram {
+func newHistogramFrom(opts stdprometheus.HistogramOpts, labelNames []string) *histogram {
 	hv := stdprometheus.NewHistogramVec(opts, labelNames)
 	return &histogram{
-		name:       opts.Name,
-		hv:         hv,
-		collectors: collectors,
+		name:             opts.Name,
+		hv:               hv,
+		labelNamesValues: make([]string, 0, 16),
 	}
 }

@@ -574,28 +561,21 @@ type histogram struct {
 	name             string
 	hv               *stdprometheus.HistogramVec
 	labelNamesValues labelNamesValues
-	collectors       chan<- *collector
+	collector        stdprometheus.Observer
 }

 func (h *histogram) With(labelValues ...string) metrics.Histogram {
+	lnv := h.labelNamesValues.With(labelValues...)
 	return &histogram{
 		name:             h.name,
 		hv:               h.hv,
-		labelNamesValues: h.labelNamesValues.With(labelValues...),
-		collectors:       h.collectors,
+		labelNamesValues: lnv,
+		collector:        h.hv.With(lnv.ToLabels()),
 	}
 }

 func (h *histogram) Observe(value float64) {
-	labels := h.labelNamesValues.ToLabels()
-	observer := h.hv.With(labels)
-	observer.Observe(value)
-	// Do a type assertion to be sure that prometheus will be able to call the Collect method.
-	if collector, ok := observer.(stdprometheus.Histogram); ok {
-		h.collectors <- newCollector(h.name, labels, collector, func() {
-			h.hv.Delete(labels)
-		})
-	}
+	h.collector.Observe(value)
 }

 func (h *histogram) Describe(ch chan<- *stdprometheus.Desc) {
@@ -618,7 +598,7 @@ func (lvs labelNamesValues) With(labelValues ...string) labelNamesValues {
 // ToLabels is a convenience method to convert a labelNamesValues
 // to the native prometheus.Labels.
 func (lvs labelNamesValues) ToLabels() stdprometheus.Labels {
-	labels := stdprometheus.Labels{}
+	labels := make(map[string]string, len(lvs)/2)
 	for i := 0; i < len(lvs); i += 2 {
 		labels[lvs[i]] = lvs[i+1]
 	}
--- a/pkg/metrics/prometheus_test.go
+++ b/pkg/metrics/prometheus_test.go
@@ -17,8 +17,7 @@ import (
 )

 func TestRegisterPromState(t *testing.T) {
-	// Reset state of global promState.
-	defer promState.reset()
+	t.Cleanup(promState.reset)

 	testCases := []struct {
 		desc                 string
@@ -88,21 +87,10 @@ func TestRegisterPromState(t *testing.T) {
 	}
 }

-// reset is a utility method for unit testing. It should be called after each
-// test run that changes promState internally in order to avoid dependencies
-// between unit tests.
-func (ps *prometheusState) reset() {
-	ps.collectors = make(chan *collector)
-	ps.describers = []func(ch chan<- *prometheus.Desc){}
-	ps.dynamicConfig = newDynamicConfig()
-	ps.state = make(map[string]*collector)
-}
-
 func TestPrometheus(t *testing.T) {
 	promState = newPrometheusState()
 	promRegistry = prometheus.NewRegistry()
-	// Reset state of global promState.
-	defer promState.reset()
+	t.Cleanup(promState.reset)

 	prometheusRegistry := RegisterPrometheus(context.Background(), &types.Prometheus{AddEntryPointsLabels: true, AddRoutersLabels: true, AddServicesLabels: true})
 	defer promRegistry.Unregister(promState)
@@ -361,30 +349,40 @@ func TestPrometheus(t *testing.T) {
 func TestPrometheusMetricRemoval(t *testing.T) {
 	promState = newPrometheusState()
 	promRegistry = prometheus.NewRegistry()
-	// Reset state of global promState.
-	defer promState.reset()
+	t.Cleanup(promState.reset)

 	prometheusRegistry := RegisterPrometheus(context.Background(), &types.Prometheus{AddEntryPointsLabels: true, AddServicesLabels: true, AddRoutersLabels: true})
 	defer promRegistry.Unregister(promState)

-	conf := dynamic.Configuration{
+	conf1 := dynamic.Configuration{
 		HTTP: th.BuildConfiguration(
 			th.WithRouters(
-				th.WithRouter("foo@providerName",
-					th.WithServiceName("bar")),
+				th.WithRouter("foo@providerName", th.WithServiceName("bar")),
+				th.WithRouter("router2", th.WithServiceName("bar@providerName")),
 			),
-			th.WithLoadBalancerServices(th.WithService("bar@providerName",
-				th.WithServers(th.WithServer("http://localhost:9000"))),
+			th.WithLoadBalancerServices(
+				th.WithService("bar@providerName", th.WithServers(
+					th.WithServer("http://localhost:9000"),
+					th.WithServer("http://localhost:9999"),
+				)),
+				th.WithService("service1", th.WithServers(th.WithServer("http://localhost:9000"))),
 			),
-			func(cfg *dynamic.HTTPConfiguration) {
-				cfg.Services["fii"] = &dynamic.Service{
-					Weighted: &dynamic.WeightedRoundRobin{},
-				}
-			},
 		),
 	}

-	OnConfigurationUpdate(conf, []string{"entrypoint1"})
+	conf2 := dynamic.Configuration{
+		HTTP: th.BuildConfiguration(
+			th.WithRouters(
+				th.WithRouter("foo@providerName", th.WithServiceName("bar")),
+			),
+			th.WithLoadBalancerServices(
+				th.WithService("bar@providerName", th.WithServers(th.WithServer("http://localhost:9000"))),
+			),
+		),
+	}
+
+	OnConfigurationUpdate(conf1, []string{"entrypoint1", "entrypoint2"})
+	OnConfigurationUpdate(conf2, []string{"entrypoint1"})

 	// Register some metrics manually that are not part of the active configuration.
 	// Those metrics should be part of the /metrics output on the first scrape but
@@ -393,22 +391,21 @@ func TestPrometheusMetricRemoval(t *testing.T) {
 		EntryPointReqsCounter().
 		With("entrypoint", "entrypoint2", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
 		Add(1)
+	prometheusRegistry.
+		RouterReqsCounter().
+		With("router", "router2", "service", "bar@providerName", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
+		Add(1)
 	prometheusRegistry.
 		ServiceReqsCounter().
-		With("service", "service2", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
+		With("service", "service1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
 		Add(1)
 	prometheusRegistry.
 		ServiceServerUpGauge().
-		With("service", "service1", "url", "http://localhost:9999").
+		With("service", "bar@providerName", "url", "http://localhost:9999").
 		Set(1)
-	prometheusRegistry.
-		RouterReqsCounter().
-		With("router", "router2", "service", "service2", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
-		Add(1)

-	assertMetricsExist(t, mustScrape(), entryPointReqsTotalName, serviceReqsTotalName, serviceServerUpName)
-	assertMetricsAbsent(t, mustScrape(), entryPointReqsTotalName, serviceReqsTotalName, serviceServerUpName)
-	assertMetricsAbsent(t, mustScrape(), routerReqsTotalName, routerReqDurationName, routerOpenConnsName)
+	assertMetricsExist(t, mustScrape(), entryPointReqsTotalName, routerReqsTotalName, serviceReqsTotalName, serviceServerUpName)
+	assertMetricsAbsent(t, mustScrape(), entryPointReqsTotalName, routerReqsTotalName, serviceReqsTotalName, serviceServerUpName)

 	// To verify that metrics belonging to active configurations are not removed
 	// here the counter examples.
@@ -418,24 +415,39 @@ func TestPrometheusMetricRemoval(t *testing.T) {
 		Add(1)
 	prometheusRegistry.
 		RouterReqsCounter().
-		With("router", "foo@providerName", "service", "bar@providerName", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
+		With("router", "foo@providerName", "service", "bar", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
 		Add(1)
+	prometheusRegistry.
+		ServiceReqsCounter().
+		With("service", "bar@providerName", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet, "protocol", "http").
+		Add(1)
+	prometheusRegistry.
+		ServiceServerUpGauge().
+		With("service", "bar@providerName", "url", "http://localhost:9000").
+		Set(1)

 	delayForTrackingCompletion()

-	assertMetricsExist(t, mustScrape(), entryPointReqsTotalName)
-	assertMetricsExist(t, mustScrape(), entryPointReqsTotalName)
-	assertMetricsExist(t, mustScrape(), routerReqsTotalName)
-	assertMetricsExist(t, mustScrape(), routerReqsTotalName)
+	assertMetricsExist(t, mustScrape(), entryPointReqsTotalName, serviceReqsTotalName, serviceServerUpName, routerReqsTotalName)
+	assertMetricsExist(t, mustScrape(), entryPointReqsTotalName, serviceReqsTotalName, serviceServerUpName, routerReqsTotalName)
 }

 func TestPrometheusRemovedMetricsReset(t *testing.T) {
-	// Reset state of global promState.
-	defer promState.reset()
+	t.Cleanup(promState.reset)

 	prometheusRegistry := RegisterPrometheus(context.Background(), &types.Prometheus{AddEntryPointsLabels: true, AddServicesLabels: true})
 	defer promRegistry.Unregister(promState)

+	conf1 := dynamic.Configuration{
+		HTTP: th.BuildConfiguration(
+			th.WithLoadBalancerServices(th.WithService("service",
+				th.WithServers(th.WithServer("http://localhost:9000"))),
+			),
+		),
+	}
+	OnConfigurationUpdate(conf1, []string{"entrypoint1", "entrypoint2"})
+	OnConfigurationUpdate(dynamic.Configuration{}, nil)
+
 	labelNamesValues := []string{
 		"service", "service",
 		"code", strconv.Itoa(http.StatusOK),
@@ -467,12 +479,24 @@ func TestPrometheusRemovedMetricsReset(t *testing.T) {
 	assertCounterValue(t, 1, findMetricFamily(serviceReqsTotalName, metricsFamilies), labelNamesValues...)
 }

+// reset is a utility method for unit testing.
+// It should be called after each test run that changes promState internally
+// in order to avoid dependencies between unit tests.
+func (ps *prometheusState) reset() {
+	ps.dynamicConfig = newDynamicConfig()
+	ps.vectors = nil
+	ps.deletedEP = nil
+	ps.deletedRouters = nil
+	ps.deletedServices = nil
+	ps.deletedURLs = make(map[string]string)
+}
+
 // Tracking and gathering the metrics happens concurrently.
-// In practice this is no problem, because in case a tracked metric would miss
-// the current scrape, it would just be there in the next one.
-// That we can test reliably the tracking of all metrics here, we sleep
-// for a short amount of time, to make sure the metric will be present
-// in the next scrape.
+// In practice this is no problem, because in case a tracked metric would miss the current scrape,
+// it would just be there in the next one.
+// That we can test reliably the tracking of all metrics here,
+// we sleep for a short amount of time,
+// to make sure the metric will be present in the next scrape.
 func delayForTrackingCompletion() {
 	time.Sleep(250 * time.Millisecond)
 }
--- a/pkg/middlewares/forwardedheaders/forwarded_header.go
+++ b/pkg/middlewares/forwardedheaders/forwarded_header.go
@@ -142,6 +142,9 @@ func (x *XForwarded) rewrite(outreq *http.Request) {

 	xfProto := unsafeHeader(outreq.Header).Get(xForwardedProto)
 	if xfProto == "" {
+		// TODO: is this expected to set the X-Forwarded-Proto header value to
+		// ws(s) as the underlying request used to upgrade the connection is
+		// made over HTTP(S)?
 		if isWebsocketRequest(outreq) {
 			if outreq.TLS != nil {
 				unsafeHeader(outreq.Header).Set(xForwardedProto, "wss")
--- a/pkg/middlewares/metrics/metrics.go
+++ b/pkg/middlewares/metrics/metrics.go
@@ -103,8 +103,9 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
 	labels = append(labels, m.baseLabels...)
 	labels = append(labels, "method", getMethod(req), "protocol", getRequestProtocol(req))

-	m.openConnsGauge.With(labels...).Add(1)
-	defer m.openConnsGauge.With(labels...).Add(-1)
+	openConnsGauge := m.openConnsGauge.With(labels...)
+	openConnsGauge.Add(1)
+	defer openConnsGauge.Add(-1)

 	// TLS metrics
 	if req.TLS != nil {
@@ -122,8 +123,7 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)

 	labels = append(labels, "code", strconv.Itoa(recorder.getCode()))

-	histograms := m.reqDurationHistogram.With(labels...)
-	histograms.ObserveFromStart(start)
+	m.reqDurationHistogram.With(labels...).ObserveFromStart(start)

 	m.reqsCounter.With(labels...).Add(1)
 }
--- a/pkg/middlewares/redirect/redirect_scheme.go
+++ b/pkg/middlewares/redirect/redirect_scheme.go
@@ -33,10 +33,10 @@ func NewRedirectScheme(ctx context.Context, next http.Handler, conf dynamic.Redi
 		port = ":" + conf.Port
 	}

-	return newRedirect(next, uriPattern, conf.Scheme+"://${2}"+port+"${4}", conf.Permanent, rawURLScheme, name)
+	return newRedirect(next, uriPattern, conf.Scheme+"://${2}"+port+"${4}", conf.Permanent, clientRequestURL, name)
 }

-func rawURLScheme(req *http.Request) string {
+func clientRequestURL(req *http.Request) string {
 	scheme := schemeHTTP
 	host, port, err := net.SplitHostPort(req.Host)
 	if err != nil {
@@ -64,8 +64,20 @@ func rawURLScheme(req *http.Request) string {
 		scheme = schemeHTTPS
 	}

-	if value := req.Header.Get(xForwardedProto); value != "" {
-		scheme = value
+	if xProto := req.Header.Get(xForwardedProto); xProto != "" {
+		// When the initial request is a connection upgrade request,
+		// X-Forwarded-Proto header might have been set by a previous hop to ws(s),
+		// even though the actual protocol used so far is HTTP(s).
+		// Given that we're in a middleware that is only used in the context of HTTP(s) requests,
+		// the only possible valid schemes are one of "http" or "https", so we convert back to them.
+		switch {
+		case strings.EqualFold(xProto, "ws"):
+			scheme = schemeHTTP
+		case strings.EqualFold(xProto, "wss"):
+			scheme = schemeHTTPS
+		default:
+			scheme = xProto
+		}
 	}

 	if scheme == schemeHTTP && port == ":80" || scheme == schemeHTTPS && port == ":443" {
--- a/pkg/middlewares/redirect/redirect_scheme_test.go
+++ b/pkg/middlewares/redirect/redirect_scheme_test.go
@@ -63,6 +63,41 @@ func TestRedirectSchemeHandler(t *testing.T) {
 			},
 			expectedStatus: http.StatusOK,
 		},
+		{
+			desc: "HTTP to HTTPS, with X-Forwarded-Proto to unknown value",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+			},
+			url: "http://foo",
+			headers: map[string]string{
+				"X-Forwarded-Proto": "bar",
+			},
+			expectedURL:    "https://bar://foo",
+			expectedStatus: http.StatusFound,
+		},
+		{
+			desc: "HTTP to HTTPS, with X-Forwarded-Proto to ws",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+			},
+			url: "http://foo",
+			headers: map[string]string{
+				"X-Forwarded-Proto": "ws",
+			},
+			expectedURL:    "https://foo",
+			expectedStatus: http.StatusFound,
+		},
+		{
+			desc: "HTTP to HTTPS, with X-Forwarded-Proto to wss",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+			},
+			url: "http://foo",
+			headers: map[string]string{
+				"X-Forwarded-Proto": "wss",
+			},
+			expectedStatus: http.StatusOK,
+		},
 		{
 			desc: "HTTP with port to HTTPS without port",
 			config: dynamic.RedirectScheme{
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
@@ -13,72 +13,72 @@ type IngressRouteSpec struct {
 	Routes []Route `json:"routes"`
 	// EntryPoints defines the list of entry point names to bind to.
 	// Entry points have to be configured in the static configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
 	// Default: all.
 	EntryPoints []string `json:"entryPoints,omitempty"`
 	// TLS defines the TLS configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls
 	TLS *TLS `json:"tls,omitempty"`
 }

 // Route holds the HTTP route configuration.
 type Route struct {
 	// Match defines the router's rule.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule
 	Match string `json:"match"`
 	// Kind defines the kind of the route.
 	// Rule is the only supported kind.
 	// +kubebuilder:validation:Enum=Rule
 	Kind string `json:"kind"`
 	// Priority defines the router's priority.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority
 	Priority int `json:"priority,omitempty"`
 	// Services defines the list of Service.
 	// It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
 	Services []Service `json:"services,omitempty"`
 	// Middlewares defines the list of references to Middleware resources.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-middleware
 	Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
 }

 // TLS holds the TLS configuration.
-// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls
+// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls
 type TLS struct {
 	// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
 	SecretName string `json:"secretName,omitempty"`
 	// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
 	// If not defined, the `default` TLSOption is used.
-	// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options
+	// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options
 	Options *TLSOptionRef `json:"options,omitempty"`
 	// Store defines the reference to the TLSStore, that will be used to store certificates.
 	// Please note that only `default` TLSStore can be used.
 	Store *TLSStoreRef `json:"store,omitempty"`
 	// CertResolver defines the name of the certificate resolver to use.
 	// Cert resolvers have to be configured in the static configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers
+	// More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers
 	CertResolver string `json:"certResolver,omitempty"`
 	// Domains defines the list of domains that will be used to issue certificates.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains
 	Domains []types.Domain `json:"domains,omitempty"`
 }

 // TLSOptionRef is a reference to a TLSOption resource.
 type TLSOptionRef struct {
 	// Name defines the name of the referenced TLSOption.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption
 	Name string `json:"name"`
 	// Namespace defines the namespace of the referenced TLSOption.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption
 	Namespace string `json:"namespace,omitempty"`
 }

 // TLSStoreRef is a reference to a TLSStore resource.
 type TLSStoreRef struct {
 	// Name defines the name of the referenced TLSStore.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore
 	Name string `json:"name"`
 	// Namespace defines the namespace of the referenced TLSStore.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore
 	Namespace string `json:"namespace,omitempty"`
 }

@@ -95,7 +95,7 @@ type LoadBalancerSpec struct {
 	// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
 	Namespace string `json:"namespace,omitempty"`
 	// Sticky defines the sticky sessions configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions
 	Sticky *dynamic.Sticky `json:"sticky,omitempty"`
 	// Port defines the port of a Kubernetes Service.
 	// This can be a reference to a named port.
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go
@@ -13,21 +13,21 @@ type IngressRouteTCPSpec struct {
 	Routes []RouteTCP `json:"routes"`
 	// EntryPoints defines the list of entry point names to bind to.
 	// Entry points have to be configured in the static configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
 	// Default: all.
 	EntryPoints []string `json:"entryPoints,omitempty"`
 	// TLS defines the TLS configuration on a layer 4 / TCP Route.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls_1
 	TLS *TLSTCP `json:"tls,omitempty"`
 }

 // RouteTCP holds the TCP route configuration.
 type RouteTCP struct {
 	// Match defines the router's rule.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule_1
 	Match string `json:"match"`
 	// Priority defines the router's priority.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority_1
 	Priority int `json:"priority,omitempty"`
 	// Services defines the list of TCP services.
 	Services []ServiceTCP `json:"services,omitempty"`
@@ -36,7 +36,7 @@ type RouteTCP struct {
 }

 // TLSTCP holds the TLS configuration for an IngressRouteTCP.
-// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1
+// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls_1
 type TLSTCP struct {
 	// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
 	SecretName string `json:"secretName,omitempty"`
@@ -44,17 +44,17 @@ type TLSTCP struct {
 	Passthrough bool `json:"passthrough,omitempty"`
 	// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
 	// If not defined, the `default` TLSOption is used.
-	// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options
+	// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options
 	Options *ObjectReference `json:"options,omitempty"`
 	// Store defines the reference to the TLSStore, that will be used to store certificates.
 	// Please note that only `default` TLSStore can be used.
 	Store *ObjectReference `json:"store,omitempty"`
 	// CertResolver defines the name of the certificate resolver to use.
 	// Cert resolvers have to be configured in the static configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers
+	// More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers
 	CertResolver string `json:"certResolver,omitempty"`
 	// Domains defines the list of domains that will be used to issue certificates.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains
 	Domains []types.Domain `json:"domains,omitempty"`
 }

@@ -76,7 +76,7 @@ type ServiceTCP struct {
 	// A negative value means an infinite deadline (i.e. the reading capability is never closed).
 	TerminationDelay *int `json:"terminationDelay,omitempty"`
 	// ProxyProtocol defines the PROXY protocol configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/services/#proxy-protocol
 	ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
 }

--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressrouteudp.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressrouteudp.go
@@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct {
 	Routes []RouteUDP `json:"routes"`
 	// EntryPoints defines the list of entry point names to bind to.
 	// Entry points have to be configured in the static configuration.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
 	// Default: all.
 	EntryPoints []string `json:"entryPoints,omitempty"`
 }
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
@@ -12,7 +12,7 @@ import (
 // +kubebuilder:storageversion

 // Middleware is the CRD implementation of a Traefik Middleware.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/overview/
 type Middleware struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
@@ -26,36 +26,38 @@ type Middleware struct {

 // MiddlewareSpec defines the desired state of a Middleware.
 type MiddlewareSpec struct {
-	AddPrefix         *dynamic.AddPrefix             `json:"addPrefix,omitempty"`
-	StripPrefix       *dynamic.StripPrefix           `json:"stripPrefix,omitempty"`
-	StripPrefixRegex  *dynamic.StripPrefixRegex      `json:"stripPrefixRegex,omitempty"`
-	ReplacePath       *dynamic.ReplacePath           `json:"replacePath,omitempty"`
-	ReplacePathRegex  *dynamic.ReplacePathRegex      `json:"replacePathRegex,omitempty"`
-	Chain             *Chain                         `json:"chain,omitempty"`
-	IPWhiteList       *dynamic.IPWhiteList           `json:"ipWhiteList,omitempty"`
-	Headers           *dynamic.Headers               `json:"headers,omitempty"`
-	Errors            *ErrorPage                     `json:"errors,omitempty"`
-	RateLimit         *RateLimit                     `json:"rateLimit,omitempty"`
-	RedirectRegex     *dynamic.RedirectRegex         `json:"redirectRegex,omitempty"`
-	RedirectScheme    *dynamic.RedirectScheme        `json:"redirectScheme,omitempty"`
-	BasicAuth         *BasicAuth                     `json:"basicAuth,omitempty"`
-	DigestAuth        *DigestAuth                    `json:"digestAuth,omitempty"`
-	ForwardAuth       *ForwardAuth                   `json:"forwardAuth,omitempty"`
-	InFlightReq       *dynamic.InFlightReq           `json:"inFlightReq,omitempty"`
-	Buffering         *dynamic.Buffering             `json:"buffering,omitempty"`
-	CircuitBreaker    *CircuitBreaker                `json:"circuitBreaker,omitempty"`
-	Compress          *dynamic.Compress              `json:"compress,omitempty"`
-	PassTLSClientCert *dynamic.PassTLSClientCert     `json:"passTLSClientCert,omitempty"`
-	Retry             *Retry                         `json:"retry,omitempty"`
-	ContentType       *dynamic.ContentType           `json:"contentType,omitempty"`
-	Plugin            map[string]apiextensionv1.JSON `json:"plugin,omitempty"`
+	AddPrefix         *dynamic.AddPrefix         `json:"addPrefix,omitempty"`
+	StripPrefix       *dynamic.StripPrefix       `json:"stripPrefix,omitempty"`
+	StripPrefixRegex  *dynamic.StripPrefixRegex  `json:"stripPrefixRegex,omitempty"`
+	ReplacePath       *dynamic.ReplacePath       `json:"replacePath,omitempty"`
+	ReplacePathRegex  *dynamic.ReplacePathRegex  `json:"replacePathRegex,omitempty"`
+	Chain             *Chain                     `json:"chain,omitempty"`
+	IPWhiteList       *dynamic.IPWhiteList       `json:"ipWhiteList,omitempty"`
+	Headers           *dynamic.Headers           `json:"headers,omitempty"`
+	Errors            *ErrorPage                 `json:"errors,omitempty"`
+	RateLimit         *RateLimit                 `json:"rateLimit,omitempty"`
+	RedirectRegex     *dynamic.RedirectRegex     `json:"redirectRegex,omitempty"`
+	RedirectScheme    *dynamic.RedirectScheme    `json:"redirectScheme,omitempty"`
+	BasicAuth         *BasicAuth                 `json:"basicAuth,omitempty"`
+	DigestAuth        *DigestAuth                `json:"digestAuth,omitempty"`
+	ForwardAuth       *ForwardAuth               `json:"forwardAuth,omitempty"`
+	InFlightReq       *dynamic.InFlightReq       `json:"inFlightReq,omitempty"`
+	Buffering         *dynamic.Buffering         `json:"buffering,omitempty"`
+	CircuitBreaker    *CircuitBreaker            `json:"circuitBreaker,omitempty"`
+	Compress          *dynamic.Compress          `json:"compress,omitempty"`
+	PassTLSClientCert *dynamic.PassTLSClientCert `json:"passTLSClientCert,omitempty"`
+	Retry             *Retry                     `json:"retry,omitempty"`
+	ContentType       *dynamic.ContentType       `json:"contentType,omitempty"`
+	// Plugin defines the middleware plugin configuration.
+	// More info: https://doc.traefik.io/traefik/plugins/
+	Plugin map[string]apiextensionv1.JSON `json:"plugin,omitempty"`
 }

 // +k8s:deepcopy-gen=true

 // ErrorPage holds the custom error middleware configuration.
 // This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/
 type ErrorPage struct {
 	// Status defines which status or range of statuses should result in an error page.
 	// It can be either a status code as a number (500),
@@ -64,7 +66,7 @@ type ErrorPage struct {
 	// or a combination of the two (404,418,500-599).
 	Status []string `json:"status,omitempty"`
 	// Service defines the reference to a Kubernetes Service that will serve the error page.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/#service
 	Service Service `json:"service,omitempty"`
 	// Query defines the URL for the error page (hosted by service).
 	// The {status} variable can be used in order to insert the status code in the URL.
@@ -89,7 +91,7 @@ type CircuitBreaker struct {

 // Chain holds the configuration of the chain middleware.
 // This middleware enables to define reusable combinations of other pieces of middleware.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/chain/
 type Chain struct {
 	// Middlewares is the list of MiddlewareRef which composes the chain.
 	Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
@@ -99,7 +101,7 @@ type Chain struct {

 // BasicAuth holds the basic auth middleware configuration.
 // This middleware restricts access to your services to known users.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/
 type BasicAuth struct {
 	// Secret is the name of the referenced Kubernetes Secret containing user credentials.
 	Secret string `json:"secret,omitempty"`
@@ -110,7 +112,7 @@ type BasicAuth struct {
 	// Default: false.
 	RemoveHeader bool `json:"removeHeader,omitempty"`
 	// HeaderField defines a header field to store the authenticated user.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield
 	HeaderField string `json:"headerField,omitempty"`
 }

@@ -118,7 +120,7 @@ type BasicAuth struct {

 // DigestAuth holds the digest auth middleware configuration.
 // This middleware restricts access to your services to known users.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/digestauth/
 type DigestAuth struct {
 	// Secret is the name of the referenced Kubernetes Secret containing user credentials.
 	Secret string `json:"secret,omitempty"`
@@ -128,7 +130,7 @@ type DigestAuth struct {
 	// Default: traefik.
 	Realm string `json:"realm,omitempty"`
 	// HeaderField defines a header field to store the authenticated user.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield
 	HeaderField string `json:"headerField,omitempty"`
 }

@@ -136,7 +138,7 @@ type DigestAuth struct {

 // ForwardAuth holds the forward auth middleware configuration.
 // This middleware delegates the request authentication to a Service.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/
 type ForwardAuth struct {
 	// Address defines the authentication server address.
 	Address string `json:"address,omitempty"`
@@ -145,7 +147,7 @@ type ForwardAuth struct {
 	// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
 	AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
 	// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
-	// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex
+	// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/#authresponseheadersregex
 	AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
 	// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
 	// If not set or empty then all request headers are passed.
@@ -171,7 +173,7 @@ type ClientTLS struct {

 // RateLimit holds the rate limit configuration.
 // This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ratelimit/
 type RateLimit struct {
 	// Average is the maximum rate, by default in requests/s, allowed for the given source.
 	// It defaults to 0, which means no rate limiting.
@@ -195,7 +197,7 @@ type RateLimit struct {
 // Retry holds the retry middleware configuration.
 // This middleware reissues requests a given number of times to a backend server if that server does not reply.
 // As soon as the server answers, the middleware stops retrying, regardless of the response status.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/retry/
 type Retry struct {
 	// Attempts defines how many times the request should be retried.
 	Attempts int `json:"attempts,omitempty"`
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go
@@ -9,7 +9,7 @@ import (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-// More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/
+// More info: https://doc.traefik.io/traefik/v2.8/middlewares/overview/
 type MiddlewareTCP struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/serverstransport.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/serverstransport.go
@@ -12,7 +12,7 @@ import (
 // ServersTransport is the CRD implementation of a ServersTransport.
 // If no serversTransport is specified, the default@internal will be used.
 // The default@internal serversTransport is created from the static configuration.
-// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1
+// More info: https://doc.traefik.io/traefik/v2.8/routing/services/#serverstransport_1
 type ServersTransport struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/service.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/service.go
@@ -13,7 +13,7 @@ import (
 // TraefikService object allows to:
 //  - Apply weight to Services on load-balancing
 //  - Mirror traffic on services
-// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice
+// More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-traefikservice
 type TraefikService struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
@@ -49,7 +49,7 @@ type TraefikServiceSpec struct {
 // +k8s:deepcopy-gen=true

 // Mirroring holds the mirroring service configuration.
-// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#mirroring-service
+// More info: https://doc.traefik.io/traefik/v2.8/routing/services/#mirroring-service
 type Mirroring struct {
 	LoadBalancerSpec `json:",inline"`

@@ -75,11 +75,11 @@ type MirrorService struct {
 // +k8s:deepcopy-gen=true

 // WeightedRoundRobin holds the weighted round-robin configuration.
-// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#weighted-round-robin-service
+// More info: https://doc.traefik.io/traefik/v2.8/routing/services/#weighted-round-robin-service
 type WeightedRoundRobin struct {
 	// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
 	Services []Service `json:"services,omitempty"`
 	// Sticky defines whether sticky sessions are enabled.
-	// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
+	// More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
 	Sticky *dynamic.Sticky `json:"sticky,omitempty"`
 }
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
@@ -9,7 +9,7 @@ import (
 // +kubebuilder:storageversion

 // TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
-// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options
+// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options
 type TLSOption struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
@@ -32,10 +32,10 @@ type TLSOptionSpec struct {
 	// Default: None.
 	MaxVersion string `json:"maxVersion,omitempty"`
 	// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
-	// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites
+	// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#cipher-suites
 	CipherSuites []string `json:"cipherSuites,omitempty"`
 	// CurvePreferences defines the preferred elliptic curves in a specific order.
-	// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences
+	// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#curve-preferences
 	CurvePreferences []string `json:"curvePreferences,omitempty"`
 	// ClientAuth defines the server's policy for TLS Client Authentication.
 	ClientAuth ClientAuth `json:"clientAuth,omitempty"`
@@ -45,7 +45,7 @@ type TLSOptionSpec struct {
 	// It is enabled automatically when minVersion or maxVersion are set.
 	PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
 	// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
-	// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols
+	// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#alpn-protocols
 	ALPNProtocols []string `json:"alpnProtocols,omitempty"`
 }

--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
@@ -11,7 +11,7 @@ import (
 // TLSStore is the CRD implementation of a Traefik TLS Store.
 // For the time being, only the TLSStore named default is supported.
 // This means that you cannot have two stores that are named default in different Kubernetes namespaces.
-// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores
+// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#certificates-stores
 type TLSStore struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
--- a/pkg/types/domains.go
+++ b/pkg/types/domains.go
@@ -8,7 +8,9 @@ import (

 // Domain holds a domain name with SANs.
 type Domain struct {
-	Main string   `description:"Default subject name." json:"main,omitempty" toml:"main,omitempty" yaml:"main,omitempty"`
+	// Main defines the main domain name.
+	Main string `description:"Default subject name." json:"main,omitempty" toml:"main,omitempty" yaml:"main,omitempty"`
+	// SANs defines the subject alternative domain names.
 	SANs []string `description:"Subject alternative names." json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty"`
 }

--- a/script/binary
+++ b/script/binary
@@ -26,4 +26,4 @@ CGO_ENABLED=0 GOGC=off go build ${FLAGS[*]} -ldflags "-s -w \
    -X github.com/traefik/traefik/v2/pkg/version.Version=$VERSION \
    -X github.com/traefik/traefik/v2/pkg/version.Codename=$CODENAME \
    -X github.com/traefik/traefik/v2/pkg/version.BuildDate=$DATE" \
-    -a -installsuffix nocgo -o dist/traefik ./cmd/traefik
+    -installsuffix nocgo -o dist/traefik ./cmd/traefik
--- a/script/gcg/traefik-bugfix.toml
+++ b/script/gcg/traefik-bugfix.toml
@@ -4,11 +4,11 @@ RepositoryName = "traefik"
 OutputType = "file"
 FileName = "traefik_changelog.md"

-# example new bugfix v2.7.2
-CurrentRef = "v2.7"
-PreviousRef = "v2.7.1"
-BaseBranch = "v2.7"
-FutureCurrentRefName = "v2.7.2"
+# example new bugfix v2.8.1
+CurrentRef = "v2.8"
+PreviousRef = "v2.8.0"
+BaseBranch = "v2.8"
+FutureCurrentRefName = "v2.8.1"

 ThresholdPreviousRef = 10
 ThresholdCurrentRef = 10
--- a/script/gcg/traefik-final-release-part1.toml
+++ b/script/gcg/traefik-final-release-part1.toml
@@ -4,11 +4,11 @@ RepositoryName = "traefik"
 OutputType = "file"
 FileName = "traefik_changelog.md"

-# example final release of v2.7.0
-CurrentRef = "v2.7"
-PreviousRef = "v2.7.0-rc1"
-BaseBranch = "v2.7"
-FutureCurrentRefName = "v2.7.0"
+# example final release of v2.8.0
+CurrentRef = "v2.8"
+PreviousRef = "v2.8.0-rc1"
+BaseBranch = "v2.8"
+FutureCurrentRefName = "v2.8.0"

 ThresholdPreviousRef = 10
 ThresholdCurrentRef = 10
--- a/script/gcg/traefik-final-release-part2.toml
+++ b/script/gcg/traefik-final-release-part2.toml
@@ -4,11 +4,11 @@ RepositoryName = "traefik"
 OutputType = "file"
 FileName = "traefik_changelog.md"

-# example final release of v2.7.0
-CurrentRef = "v2.7.0-rc1"
-PreviousRef = "v2.6.0-rc1"
+# example final release of v2.8.0
+CurrentRef = "v2.8.0-rc1"
+PreviousRef = "v2.7.0-rc1"
 BaseBranch = "master"
-FutureCurrentRefName = "v2.7.0-rc1"
+FutureCurrentRefName = "v2.8.0-rc1"

 ThresholdPreviousRef = 10
 ThresholdCurrentRef = 10
Author	SHA1	Message	Date
Tom Moulard	c9520480c2	Prepare release v2.8.1	2022-07-11 16:02:09 +02:00
tfny	05c3486347	Update the language for advocating page	2022-07-08 10:28:08 +02:00
Julien Salleyron	0231db05b4	Improve performances when Prometheus metrics are enabled	2022-07-07 18:00:09 +02:00
Maxence Moutoussamy	8f6463ba7a	Support forwarded websocket protocol in RedirectScheme Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2022-07-06 11:54:08 +02:00
Dylan Rodgers	28da781194	Add callout for anyone using Traefik to manage commercial applications	2022-07-05 10:02:09 +02:00
Maxence Moutoussamy	51a02caea3	Upgrade valkeyrie to v0.4.1	2022-07-04 15:50:09 +02:00
Tom Moulard	839bc7b3a8	Remove `-a` when building binary	2022-06-30 18:12:08 +02:00
Douglas De Toni Machado	9c79fafeeb	Update deprecation notices	2022-06-30 14:34:08 +02:00
Tom Moulard	9c4b336f3b	Prepare release v2.8.0	2022-06-29 17:38:37 +02:00
romain	aa8fda5eae	Merge current v2.7 into v2.8	2022-06-29 15:57:57 +02:00
Romain	8b22101236	Prepare release v2.7.3	2022-06-29 15:44:08 +02:00
mloiseleur	03598d395b	Add documentation main, SANs and plugin CRD fields	2022-06-29 11:04:09 +02:00
Jean-Baptiste Doumenjou	9d61cb64a2	Ensure that the Datadog client is cleanly stopped	2022-06-29 10:34:08 +02:00